The United States, the United Kingdom and its allies formally attributed the Microsoft Exchange hack to Chinese government-affiliated actors and accused the Chinese government of a wide range of “malicious cyber activities”, which raised tensions this week. passed between the White House and China.
The group of nations said Monday that the Chinese government has been the mastermind behind a series of malicious ransomware, data theft and cyberespionage attacks on public and private entities, including the extensive Microsoft Exchange hack earlier this year. year.
“The Chinese government must end this systematic cyber sabotage and can expect to be held accountable if it does not do so,” UK Foreign Secretary Dominic Raab said in a statement on Monday.
The White House said it was teaming up with European nations to expose the magnitude of China’s activity and will take steps to counter it.
“Responsible states do not indiscriminately compromise the global security of the network or consciously harbor cybercriminals, let alone sponsor or collaborate with them,” Secretary of State Antony Blinken said in a statement. “These contract hackers cost governments and businesses billions of dollars in intellectual property robbery, ransom payments and cybersecurity mitigation efforts, even though MSS had them on payroll,” in reference to the State Security Ministry of China.
EU foreign policy chief Josep Borrell said the cyberattack was carried out from China and “caused significant security risks and economic losses for our government institutions and private companies”. The activities were related to the hacker groups Advanced Persistent Threat 40 and Advanced Persistent Threat 31, according to an EU statement on Monday.
The group of nations attributing the attack to China includes Australia, Canada, New Zealand, Japan and NATO, marking the first condemnation by the US-European alliance of China’s cyber activities. said the senior Biden administration official.
Monday’s announcement will add to the range of issues (including economic, military and political): the US and China have disagreed. These tensions intensified last week when the administration warned investors about the risks of doing business in Hong Kong with an adviser saying China’s push to exercise more control over the financial center threatens the state of right and endangers employees and data.
The United States also accused four Chinese citizens affiliated with the State Department of Security of a campaign to hack computer systems of dozens of companies, universities and government entities in the United States and abroad between 2011 and 2018 The indictment, which was quenched on Monday, alleges that hackers led, among other things, the investigation into the Ebola vaccine.
President Joe Biden has described competition with China as one of the ultimate challenges of the century. Chinese leaders were shocked by the administration’s decision to enforce tariffs imposed by former President Donald Trump and were outraged by their support for the reopening of a review of how the Covid-19 pandemic began and if leaked from a laboratory in Wuhan.
With Monday’s report, the U.S. intends to show how China’s State Security Ministry uses hackers to conduct unapproved cyber operations around the world, including its own personal benefits.
“In some cases, we are aware that cyber operators affiliated with the PRC government have conducted rescue operations against private companies that have included multi-million dollar rescue claims,” the White House said in a fact sheet.
The Chinese Foreign Ministry did not immediately respond to a request for comment outside of office hours. In March, the ministry dismissed allegations that Chinese-based government hackers were behind cyber attacks on Microsoft Exchange servers, accusing the company of making “baseless allegations” and saying tracking the source of the attacks Cybernetics is a “very sensitive political issue.” China has long insisted that it is not an perpetrator but a victim of cyberattacks.
As part of the announcement, the National Security Agency, the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation detailed more than 50 tactics used by state-sponsored Chinese hackers. when targeting U.S. and allied networks, including fake emails with malicious attachments, public-facing apps, and driving engagement.
Agencies also provided technical advice and mitigation to address threats, such as installing patches to protect against system vulnerabilities, enforcing login and password requirements, and storing critical information about empty air systems. .
Threats include state-sponsored cyber extortion, also known as ransomware attacks, in which the Chinese government has demanded millions of dollars from private companies in exchange for digital keys that allow victims to regain access. on their computer networks, the official said.
Microsoft Corp. has previously attributed the hack to Chinese actors, the software giant called Hafnium. According to the fact sheet, the U.S. assessment appears to support Microsoft’s findings, attributing the hack to MSS-affiliated actors with “a high degree of trust.”
The attack on Microsoft Exchange e-mail servers erupted over two weeks between late February and early March. Microsoft first released software patches on March 2 to fix critical vulnerabilities exploited in the hack. The attack exposed tens of thousands of victims ’email systems, including those at health facilities, manufacturers, energy companies and state and local governments.
Until now, most ransomware attacks had been attributed to operators in Eastern Europe and North Korea. Now, the United States accuses the Chinese government not only of conducting malicious cyber operations, but also of hiring mercenaries, according to the official. The claim accuses China of not only sponsoring espionage, but also of supporting and possibly supporting the work of cybercriminals carrying out these attacks.
Due to the breadth of casualties around the world, the formal attribution only occurred after the United States had achieved a high level of trust in the source of the hack and the announcement could be made in concert with allies. , the official added.