US accuses China of staging cyber attacks around the world
The White House and its Western allies have accused the Chinese government of partnering with criminal gangs to carry out large-scale cyber attacks, including one against Microsoft this year that affected tens of thousands of organizations.
The accusation came as the US Department of Justice unveiled an indictment alleging that four Chinese nationals affiliated with the Department of State Security oversaw a separate campaign to infiltrate businesses, universities and government agencies in the United States and abroad between 2011 and 2018.
Antony Blinken, US Secretary of State, said China’s actions posed “a major threat” to economic and national security. “Responsible states do not blindly compromise the security of the global network or knowingly host cybercriminals – let alone sponsor or collaborate with them,” he added.
A senior administration official said the United States had a “high degree of confidence” that attackers on the MSS payroll had led an offensive against Microsoft’s Exchange messaging app, which was revealed in March. A cybersecurity researcher claimed it had affected at least 30,000 organizations, including businesses and local governments. The White House did not specify which particular group of hackers or contractors was responsible for the attacks.
The United States’ decision to condemn China on Monday was backed by a coalition of allies, including those in Europe and NATO who have historically been reluctant to publicly criticize Beijing. Diplomats hope that by exposing the MSS’s links to hackers, they will persuade the Chinese government to sever ties with these groups. However, it is unclear what action will be taken if China does not comply.
The European Council said the Microsoft Exchange hack was “irresponsible and harmful behavior” which had resulted in security risks and “significant economic losses” to government institutions and private businesses across Europe.
NATO said it had noted that cyber threats to the alliance were increasingly “complex, destructive and coercive”, and called on all states, “including China” to meet their commitments to act responsibly in cyberspace.
The UK said for the first time on Monday that it considers two Chinese hacking groups, APT 40 and APT 31, to be linked to the Chinese MSS.
British officials have expressed concern over the growing recklessness of China-backed cyber activity and have raised their objections privately with Beijing over the past three years to no effect. The use of criminal gangs to carry out cyber espionage and intellectual property theft has made it easier for the Chinese government to deny its involvement in these activities – an issue that Western allies now want to address.
The joint action marked a new front in Washington’s battle against the rising tide of ransomware attacks, which have so far been blamed largely on gangs suspected of operating from Russia.
Meanwhile, according to the DoJ indictment, four Chinese nationals carried out a seven-year hacking campaign targeting the aviation, defense, education, government, health and biopharmacy sectors in various countries, including the United States, Canada, Germany, Saudi Arabia and the United Kingdom.
It alleged that hackers stole information on sensitive technologies such as servicing autonomous vehicles and commercial airplanes, as well as infectious disease research on Ebola, MERS and HIV. This group was previously called APT 40, also known as “Bronze”.
The indictment named three Chinese nationals – Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin – as state security officials in Hainan province who allegedly created a shell company to hide government involvement in the hacking operation.
A fourth man, Wu Shurong, has been named as a hacker who allegedly created malware, hacked computer systems operated by foreign governments, companies and universities, and supervised other members of the hacking team.
The threat posed by cyber attacks has proliferated during the pandemic, with hackers exploiting vulnerabilities exposed by employees working remotely.
The United States is increasingly in a hurry to act. President Joe Biden warned his Russian counterpart Vladimir Putin this month that Moscow will face consequences if it does not act against ransomware attackers, who typically seize a company’s data or systems and demand payment to free them.
Biden’s threat followed highly disruptive ransomware attacks against companies such as Colonial Pipeline, which was forced to shut down temporarily, and JBS, the world’s largest meat processor.
US officials also said they were “surprised” to discover that individuals affiliated with the Chinese MSS were behind a ransomware stunt in which hackers demanded millions of dollars from a US corporation.
The US Department of Justice indicted five Chinese citizens last September for hacking more than 100 companies around the world as part of a state-backed group known as APT41.