Officials from the Biden Administration on Monday formally accused China of cyberattacks that breached the email systems of the Microsoft corporation, which are used by many of the world’s largest and most powerful companies, as well as governments and military contractors.
A statement titled “Responding to the PRC’s Destabilizing and Irresponsible Behavior in Cyberspace” was released by the US State Department on Monday morning.
This marks the very first time that the United States has formally accused China of paying money to criminal entities to conduct large-scale hackings of companies which involve ransomware and extortion.
The US will also organize a group of allies, including all the nations belonging to NATO, in order to condemn Beijing for cyberattacks it is responsible for all around the world.
China cyberattacks extorted millions of dollars
A US official, who earlier spoke anonymously to reporters, noted that the US will accuse China of paying criminal groups to conduct large-scale actions, including hackings and ransomware attacks, in order to extort millions of dollars from corporations.
He added that the United States was “not ruling out further actions to hold (China) accountable.”
The US Justice Department announced today that four Chinese nationals and residents had been indicted by a federal grand jury in San Diego in “a campaign to hack into the computer systems of dozens of victim companies, universities and government entities” both in the US and overseas, between 2011 and 2018.
Three of these people, it said, were officers from Hainan State Security, who are accused of “coordinating, facilitating and managing computer hackers and linguists” for firms that hack others “for the benefit of China and its state-owned and sponsored instrumentalities,” according to the Justice Department.
Recently, Microsoft discovered that hackers who had been linked to the Chinese Ministry of State Security had exploited vulnerabilities in its email systems in March.
The expected announcement will contain details about the methods used in that attack; this will be the first time ever that the United States will posit that the Chinese government itself had hired criminal groups to undertake such criminal actions.
Until now, the US, along with NATO and the European Union, has been slow to accuse China of any such attempts, as it is a major trading partner and holds a great deal of debt from Western nations.
However, German companies, which do not use the cloud for their email systems but rather maintain them on their own, were recently the target of major hacking attempts aimed at Microsoft Exchange, prompting the country to finally speak out against the Chinese government.
However, reports say that the coming announcement, as ground-breaking as it is, will not include any meaningful punishment or sanctions for the actions of the Chinese government, such as those directed toward Russia back in April.
At that time, the White House imposed sanctions regarding the “SolarWinds” cyberattack, which was aimed at not only US government agencies but a host of more than one hundred American companies as well.
Experts see the Biden action as unprecedented, as a coordinated statement from the White House, along with European and Asian governments, accused China of using “criminal contract hackers” to conduct a range of nefarious activities.
The same anonymous official also stated that China was the source of ransomware attacks, with demands going into the “millions of dollars.”
Cyberattacks target energy, food production
The Cold-War type accusations appear to place the West at odds with both China and Russia after a host of cyberattacks caused upset in the energy and food production sectors of the American economy.
The enormous extent of Chinese involvement in such attacks came as a surprise, according to the official.
“What we found really surprising and new here was the use of criminal contract hackers to conduct this unsanctioned cyber operation and really the criminal activity for financial gain,” one official noted.
“That was really eye-opening and surprising for us,” he added.
The announcement regarding the China cyberattacks comes as a bit of a surprise after Biden’s detractors had called him soft on China last year during the Presidential elections. The blunt accusation of Chinese officials in the widespread hacking is a first — as is the coordination of a response among allied nations.
As it is now, the US and the rest of the world remain vulnerable to ransomware and other crimes as experts race to create walls around their cyber domains in an attempt to ward off future attacks.
Russia’s sophisticated SolarWinds attack comprised an effort by its intelligence service to alter code to gain access to more than 18,000 companies, US federal agencies and even think tanks.
According to experts, the Chinese attacks have not been quite that intricate, but they still exploited a weakness that Microsoft had not previously been aware of.
Once inside the system, China was able to undertake espionage — which seriously damaged confidence in the security of systems used by many firms to protect their in-house communications.
After months of investigation, the Biden administration has what the official called “high confidence” that the Microsoft email hacking was undertaken at the request of China’s Ministry of State Security; moreover, it was aided by others who had been hired by Chinese intelligence.
The email hacking ended up affecting tens of thousands of such systems, including those of United States military contractors.
China was caught red-handed back in 2014, when it stole more than 22 million security clearance files from the US’ Office of Personnel Management; the staggering breach allowed China to have a wide swath of information on the lives of the Americans who had been cleared to keep some of the nation’s most important secrets.
President Biden stated earlier this year that he would strengthen the government’s cybersecurity, making such security a focus during his Geneva meeting with President Vladimir Putin of Russia in June.
In his remarks to reporters on Sunday, the anonymous senior administration official stated that even this most public condemnation of China yet will not prevent such attacks in the future.
“No one action can change China’s behavior in cyberspace,” the official stated, adding “And neither could just one country acting on its own.”
Not all the allied countries agreed to such a public outing of China as engaging in this criminal behavior; still, the Biden administration persuaded enough allies to join in the denunciation to maximize pressure on Beijing to curtail its cyberattack campaign.
The expected statement will be the first-ever such document issued by NATO itself targeting China for cybercrime. It will be jointly issued by the United States, Australia, Britain, Canada, the European Union, Japan and New Zealand.
There will be further information coming out of the National Security Agency and the FBI on Monday regarding the Chinese “tactics, techniques and procedures,” including exactly how Beijing contracts with criminal elements in its attacks by which the Chinese government gains financing, the official said.
In another unprecedented facet of the hacking drama, the FBI recently gained clearance, by way of a court order, to go into “unpatched” corporate computer systems and remove pieces of code that had been left by Chinese hackers and that could have enabled follow-up attacks.
This marked the first time in history that the FBI had been allowed to remediate an attack after it had investigated its perpetrators.
The following is the text of the statement issued by US Secretary of State Antony Blinken:
Responding to the PRC’s Destabilizing and Irresponsible Behavior in Cyberspace
Antony J. Blinken, Secretary of State
“The United States and countries around the world are holding the People’s Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security. The PRC’s Ministry of State Security (MSS) has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.
“In addition, the United States government, alongside our allies and partners, has formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims. As evidenced by the indictment of three MSS officers and one of their contract hackers unsealed by the Department of Justice today, the United States will impose consequences on PRC malicious cyber actors for their irresponsible behavior in cyberspace.
“Apart from the PRC’s direct commitments not to engage in cyber-enabled theft of intellectual property for commercial gain, the international community has laid out clear expectations and guidelines for what constitutes responsible behavior in cyberspace. Responsible states do not indiscriminately compromise global network security nor knowingly harbor cyber criminals – let alone sponsor or collaborate with them. These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS had them on its payroll.
“The United States is working with our partners and allies to promote responsible state behavior in cyberspace, counter cybercrime, and oppose digital authoritarianism. We are also providing support to countries that are committed to building their capacity to protect their digital networks, investigate and impose consequences on malicious cyber actors, and participate in international conversations on cyber policy. These efforts will enhance global security and stability in cyberspace. The State Department is committed to driving this agenda forward, and we call upon all states that wish to see greater stability in cyberspace to join us in these efforts.”