WASHINGTON (CN) — The Biden administration, together with a swath of U.S. allies, accused China on Monday of hacking Microsoft email servers and engaging in other large-scale ransomware and cyberattacks.
“The United States is deeply concerned that the [People’s Republic of China] has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit,” the White House said in a statement, underlining that China’s Ministry of State Security has engaged in ransomware attacks, cyber-enabled extortion, crypto-jacking as well as rank theft.
Though Monday's announcement did not include sanctions — a contrast to the punishment Russia faced in April for its role in the SolarWinds attack on a host of federal agencies and more than 100 private companies — it is the first time the White House has openly accused China of paying shadowy groups to partake in cybercrimes.
Also unique is that the statement from the White House comes with open support from NATO and the European Union.
“We stand in solidarity with all those who have been affected by recent malicious cyber activities including the Microsoft Exchange Server compromise. Such malicious cyber activities undermine security, confidence and stability in cyberspace,” the NATO council said Monday. “In line with our recent Brussels Summit Communiqué, we call on all States, including China, to uphold their international commitments and obligations and to act responsibly in the international system, including in cyberspace.”
China is an integral trading partner for most global powers, so while the tough talk was flowing Monday, NATO also carefully reiterated in its statement a “willingness to maintain a constructive dialogue” with the communist world power.
Microsoft in March attributed to China a campaign, under way since January, that exploited vulnerabilities in its Exchange Server email software, saying the attackers targeted organizations across diverse industries, from health care and academia to nonprofit organizations, defense contractors, think tanks and politicians.
The China-based hackers were seeking trade secrets, but once their attack was under way it triggered multiple waves of data breaches by other opportunists all too eager to exploit the same security hole on servers that had not yet been patched.
The Associated Press reported this spring that cybersecurity experts assessing the hack estimated that it compromised some 30,000 organizations in the U.S. and roughly 250,000 victims worldwide.
Canada, Japan, the United Kingdom, Australia and New Zealand also joined the White House to condemn the Chinese government’s role in the hacks on Monday.
Officials representing the European Union issued a statement too, saying cyber criminals with ties to the Chinese government have shown how their crimes inevitably lead to “significant spill-over and systemic effects for our security, economy and society at large.”
“We have also detected malicious cyber activities with significant effects that targeted government institutions and political organizations in the EU and member states, as well as key European industries. These activities can be linked to the hacker groups known as Advanced Persistent Threat 40 and Advanced Persistent Threat 31 and have been conducted from the territory of China for the purpose of intellectual property theft and espionage,” Josep Borrell Fontelles, foreign policy chief for the European Union, said Monday.
The National Security Agency, the Cybersecurity and Infrastructure Security Agency, or CISA, and the FBI issued a joint advisory on Chinese state-sponsored cyber operations on Monday. The agencies highlighted how the attackers route their activity through chains of virtual private servers to mask where it really comes from.
According to the advisory, the hackers connect through those servers, scan their targets' networks for exploitable vulnerabilities, and then break in through whatever they find.
Patching known vulnerabilities, especially those that allow remote code execution, is a priority, the advisory notes.
The agencies also want companies and any other would-be target to monitor their own network traffic and email systems more closely and to strengthen their antivirus protections.
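The scanning stage the advisory describes leaves a recognizable footprint in a target's own logs, which is the point of the "watch your own traffic" advice. The following is an added example, not code from the article or from the NSA/CISA/FBI advisory: it flags a source that requests many distinct paths in a short window and mostly gets error responses back, a heuristic chosen for this illustration. The thresholds, the combined-format sample log lines and the addresses (RFC 5737 documentation ranges) are all constructed; checking whether a source sits in a hosting or VPS range, as the advisory's obfuscation point would suggest, would need an external reputation feed and is left out.

```python
"""Flag reconnaissance-style scanning in web server access logs.

Added example, not code from the article or from the joint advisory it
summarizes. Thresholds and sample log lines are constructed for the demo.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Apache/nginx "combined" log format, one request per line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


@dataclass
class Request:
    ip: str
    ts: datetime
    path: str
    status: int
    ua: str


def parse_line(line: str) -> Request | None:
    """Parse one combined-format line; return None for lines that do not fit."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Request(m["ip"], datetime.strptime(m["ts"], TS_FMT),
                   m["path"], int(m["status"]), m["ua"])


def find_scanners(lines, window=timedelta(minutes=5),
                  min_paths=8, min_error_ratio=0.5):
    """Return {ip: summary} for sources that, within `window`, request at
    least `min_paths` distinct paths with at least `min_error_ratio` of the
    responses being 4xx/5xx (probing for things that are absent or forbidden).
    The thresholds are assumptions made for this example, not advisory guidance."""
    by_ip = defaultdict(list)
    for line in lines:
        r = parse_line(line)
        if r is not None:
            by_ip[r.ip].append(r)

    flagged = {}
    for ip, reqs in by_ip.items():
        reqs.sort(key=lambda r: r.ts)
        start = 0
        for end in range(len(reqs)):  # sliding time window over sorted requests
            while reqs[end].ts - reqs[start].ts > window:
                start += 1
            win = reqs[start:end + 1]
            errors = sum(1 for r in win if r.status >= 400)
            if len({r.path for r in win}) >= min_paths and errors / len(win) >= min_error_ratio:
                # Summarise everything seen from this source, not just the trigger window.
                total_errors = sum(1 for r in reqs if r.status >= 400)
                flagged[ip] = {
                    "requests": len(reqs),
                    "distinct_paths": len({r.path for r in reqs}),
                    "error_ratio": round(total_errors / len(reqs), 2),
                    "first_seen": reqs[0].ts.isoformat(),
                    "last_seen": reqs[-1].ts.isoformat(),
                    "user_agents": sorted({r.ua for r in reqs}),
                }
                break
    return flagged


# Constructed sample (not real traffic): 203.0.113.7 sweeps common admin and
# mail endpoints while 198.51.100.20 browses normally.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jul/2021:10:00:01 +0000] "GET /admin HTTP/1.1" 404 162 "-" "python-requests/2.25.1"
203.0.113.7 - - [19/Jul/2021:10:00:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 162 "-" "python-requests/2.25.1"
203.0.113.7 - - [19/Jul/2021:10:00:02 +0000] "GET /.env HTTP/1.1" 403 153 "-" "python-requests/2.25.1"
203.0.113.7 - - [19/Jul/2021:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "python-requests/2.25.1"
203.0.113.7 - - [19/Jul/2021:10:00:04 +0000] "GET /.git/config HTTP/1.1" 403 153 "-" "python-requests/2.25.1"
203.0.113.7 - - [19/Jul/2021:10:00:05 +0000] "GET /owa/ HTTP/1.1" 404 162 "-" "python-requests/2.25.1"
203.0.113.7 - - [19/Jul/2021:10:00:05 +0000] "GET /ecp/ HTTP/1.1" 404 162 "-" "python-requests/2.25.1"
203.0.113.7 - - [19/Jul/2021:10:00:06 +0000] "GET /manager/html HTTP/1.1" 404 162 "-" "python-requests/2.25.1"
203.0.113.7 - - [19/Jul/2021:10:00:07 +0000] "GET /console HTTP/1.1" 404 162 "-" "python-requests/2.25.1"
203.0.113.7 - - [19/Jul/2021:10:00:08 +0000] "GET / HTTP/1.1" 200 3104 "-" "python-requests/2.25.1"
198.51.100.20 - - [19/Jul/2021:10:01:10 +0000] "GET / HTTP/1.1" 200 3104 "-" "Mozilla/5.0"
198.51.100.20 - - [19/Jul/2021:10:01:12 +0000] "GET /about HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.20 - - [19/Jul/2021:10:01:20 +0000] "GET /contact HTTP/1.1" 200 1870 "-" "Mozilla/5.0"
198.51.100.20 - - [19/Jul/2021:10:01:25 +0000] "GET /missing HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""


def scan_sample():
    """Run the detector over the constructed sample log."""
    return find_scanners(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ip, summary in scan_sample().items():
        print(ip, summary)
```

On the sample, only 203.0.113.7 is flagged: ten distinct paths in eight seconds with nine error responses, which is what a scripted sweep looks like, while the ordinary visitor's single 404 never crosses the threshold. In production the thresholds need tuning against a site's baseline, and a hit is a lead for investigation rather than proof of intrusion.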
In the meantime, the Department of Justice is picking up the pace indicting cybercriminals.
On Monday, the department announced the unsealing of an indictment in San Diego against four Chinese nationals who targeted U.S. government offices, colleges and universities and other private companies between 2011 and 2018. Three of the defendants are alleged to be officers working in a regional branch of China’s Ministry of State Security known as the Hainan State Security Department.
The department identified victims of that breach in the U.S., Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and the United Kingdom.
Two other hackers from China accused of stealing terabytes of data were indicted in Spokane, Washington, in July 2020, according to a Justice Department statement issued at the time.
In the 11-page indictment, Chinese nationals Li Xiaoyu and Dong Jiazhi are identified as well-trained participants in a “hacking campaign lasting more than 10 years to the present.”
They allegedly attacked companies in the U.S., Australia, Belgium, Germany, Japan, the Netherlands, Spain, South Korea, Sweden and the UK.
From pharmaceuticals to gaming, Li and Dong engaged in an alleged pattern of extortion in which they would threaten to publish victims’ stolen source code online if they did not receive a ransom.
“More recently, the defendants probed for vulnerabilities in computer networks of companies developing Covid-19 vaccines, testing technology and treatments,” prosecutors say.
Assistant Attorney General John Demers said the indictments indicate clearly that China has now “taken its place in a shameful club of nations” that already includes Russia, Iran and North Korea.
During a press conference Monday afternoon, White House press secretary Jen Psaki hedged on questions about how sanctions might affect the U.S. economy given America’s heavy reliance on imported goods from China.
“The U.S. will continue to be in touch with Chinese officials at a high level,” Psaki said before remarking that she also did not have any further information about whether it is the Chinese government doing the hacking or if the assaults are being contracted out.
China’s last comparably public clash with the U.S. and other world powers over its hacking came with the breach of the Office of Personnel Management, which began in 2014 and was disclosed in 2015. Hackers attributed to China stole some 21.5 million records, including security clearance background-investigation files, from the agency that runs human resources for the whole of the U.S. federal government.
Social security numbers, birth dates, fingerprint records and more from individuals who applied for work in the federal government were exposed in the breach. In 2019, the D.C. Circuit revived a class action over the hack by the National Treasury Employees Union as well as the American Federation of Government Employees.
The escalation of censure against China also follows an executive order President Joe Biden issued in May directing federal agencies to modernize and strengthen their cybersecurity defenses.
The executive order was rolled out after the nation’s largest fuel pipeline, Colonial Pipeline, was hit by ransomware. The pipeline was offline for days, and the company’s CEO, Joseph Blount, admitted publicly that it paid a ransom of $4.4 million in cryptocurrency to obtain the decryption key it needed to regain control of its network.
Follow Brandi Buchman on Twitter