The United States Faces Multiple Cyberattack Fronts
The United States claims that China is behind the Microsoft Exchange hack and other ransomware threats.
On Monday, the Biden administration accused China of a breach of Microsoft Exchange email server software that affected tens of thousands of machines across the globe earlier this year, according to a press release.
The United States and its partners have issued a strong condemnation of China for its “malicious” cyberattacks, which have included a breach of Microsoft Exchange email server software that affected tens of thousands of machines across the globe earlier this year. China has denied the allegations.
The United States Department of Justice charged four Chinese nationals with hacking on Monday, as Washington accused Beijing of extortion and endangering national security by threatening the United States.
The Microsoft breach, which was revealed in March, impacted at least 30,000 organizations in the United States, including local governments and businesses around the globe.
Secretary of State Antony Blinken accused China of being responsible for the attack, saying it was part of a "pattern of reckless, disruptive, and destabilizing conduct in cyberspace" that posed a significant danger to the United States' economic and national security.
China's "Ministry of State Security (MSS) has created an ecosystem of criminal contract hackers who carry out both state-sponsored operations and cybercrime for their own financial benefit," according to Blinken in a statement.
The announcements brought attention to the cyber threat posed by Chinese government hackers when Joe Biden's administration is preoccupied with attempting to stop ransomware attacks from Russian-based syndicates that have targeted critical infrastructure, including a massive fuel pipeline.
Other cyber threats emanating from Beijing have been revealed by the administration and its allies, including ransomware assaults by government-affiliated hackers that have attacked businesses and demanded millions of dollars in ransom.
According to a senior US administration official who did not want to be identified, the MSS has been using criminal contract hackers who have participated in cyber-extortion schemes and theft for their own benefit.
According to the official, the Unified States, the European Union, the United Kingdom, Australia, Canada, New Zealand, Japan, and NATO are united in their opposition to the danger.
For the first time, the North Atlantic Treaty Organization, a military alliance established in 1949, has joined a formal denunciation of China's cyber actions.
On a separate note in this regard, the United States Justice Department announced charges against four Chinese nationals – three security officials and one contract hacker – who are accused of cooperating with the MSS in an extensive hacking campaign that targeted dozens of computer systems, including those of businesses, universities, and government organizations, between 2011 and 2018.
An official statement from the Justice Department said that the campaign targeted trade secrets in various sectors such as aviation, defense, education, government, health care, biopharmaceutical, and marine industries.
“The indictment of three MSS officials and one of their contract hackers, which was unsealed today by the Department of Justice, demonstrates that the United States will hold [Chinese] harmful cyber actors accountable for their reckless conduct in cyberspace,” Blinken stated.
China was also singled out by the European Union and the United Kingdom.
According to the EU, several Chinese hacker groups have engaged in harmful cyber operations with "serious consequences" against government institutions, political organizations, and important businesses in the bloc's 27 member states.
Josep Borrell, the EU's foreign policy director, said in a statement that the hacking was "conducted from the territory of China for the aim of intellectual property theft and espionage."
As reported by the United Kingdom's National Cyber Security Centre, the organizations targeted marine businesses and naval defense contractors in the United States, Europe, and the Finnish government.
Recently, there have been many notable ransomware attacks, including one that damaged a major US pipeline, one that harmed a meat factory, and attacked software company Kaseya, which affected 1,500 companies.
The vast majority of the most devastating and high-profile recent such assaults have been perpetrated by Russian organized crime syndicates.
The employment of criminal contract hackers by the Chinese government "to undertake unsanctioned cyber operations worldwide is unique," according to a senior US official, who noted that the United States has sometimes seen links between Russian intelligence services and individual hackers.
During a news conference on Monday, Jen Psaki, the White House press secretary, was asked why the United States was not retaliating with economic penalties, as it had done with Russia.
According to Psaki, “We are really elevating and taking measures to not only speak out publicly but definitely take action as it pertains to harmful cyber activities from China, which we have seen differently, but which we have also seen from Russia,” she added.
“We are not making a distinction.”
It was disputed by the White House press secretary that the United States was hesitant to implement penalties since the United States economy is highly reliant on Chinese imports.
“We are not going to hold back,” Psaki said.
“We will not allow any economic situation or factor to deter us from taking action when it is necessary.“
In addition, we retain the right to take further measures if we believe it is necessary to do so. As far as cyber operations with China or Russia are concerned, this does not represent the culmination of our efforts.”
As Psaki said, "We will, of course, continue to have close contact with Chinese authorities at the highest levels, and this will be the case in this respect as well."
According to a senior administration official, it took until now because of the discovery of ransomware and for-profit hacking operations. In part, the administration wanted to pair the announcement with guidance for businesses on tactics the Chinese have been employing in their attacks.
According to a senior administration official, the assault was carried out by "malicious cyber actors associated with the MSS" who were "very confident" in their actions.
The FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency released a warning on Monday outlining specific tactics and methods that government organizations and companies may use to defend themselves.
The unusually vehement criticism threatens to further erode a relationship between the United States and China that has already been strained by trade tensions, China's military buildup, a crackdown on democracy activists in Hong Kong, treatment of Uyghurs in the Xinjiang region, and aggression in the South China Sea, among other issues.
Biden and other G7 and Nato leaders joined forces last month at summits in the United Kingdom and Belgium to accuse China of presenting fundamental threats to the international order.
When asked about the Microsoft Exchange hack, a spokesperson for the Chinese foreign ministry stated that China "firmly opposes and combats cyber attacks and cyber theft in all forms." She also cautioned that attribution of cyber-attacks should be based on evidence rather than "groundless accusations."