US and allies blame China’s spy agency for ‘really eye-opening’ cyberattacks
Cyberattackers linked to a Chinese spy agency conducted a major ransomware attack against an American company, adding a new layer of complexity to a threat usually attributed to Russia, according to President Joe Biden’s administration.
“This was surprising to us,” a senior administration official acknowledged in a media briefing Sunday on how China’s Ministry of State Security has emerged as a major cybersecurity threat. “And, in fact, one of the reasons that we’ve put so much work into this attribution is because it really gave us new insights on the MSS’s work and on the kind of aggressive behavior that we’re seeing coming out of China.”
China is also responsible for the Microsoft Exchange hack, detected in March, that affected “tens of thousands of computers around the world,” according to the official.
The scale and severity of those hacks spurred a chorus of American allies to join U.S. officials in condemning Beijing’s behavior, including the North Atlantic Treaty Organization — a milestone in American efforts to rally the transatlantic allies against threats emanating from the Chinese Communist regime.
“This was NATO’s first public attribution to China of this kind of malicious cyberactivity,” the senior administration official said. “So, we think we’re at that first important stage of bringing awareness and buy-in to this attribution, and focusing us together on our collective security efforts, promoting network defense, and other actions needed to disrupt these threats.”
Cyberattacks have loomed over the diplomatic arena in recent months, especially after hackers targeting the Colonial Pipeline caused shortages at gasoline stations in several states. State Department officials last week unveiled “a reward of up to $10 million for information” that could help investigators identify or find cyberattackers who are “acting at the direction or under the control of a foreign government.”
The recent flurry of such attacks has aggravated U.S. relations with Russia, which has shouldered most of the blame for the breaches in Washington.
“The related harm to public health and safety is incalculable, and can only be expected to grow as digital technologies become more intertwined in our daily lives. … Russia is a hotbed for this dangerous activity,” Senate Foreign Relations Chairman Bob Menendez, a New Jersey Democrat, wrote in a Tuesday letter to Secretary of State Antony Blinken.
Biden administration officials declined to provide details on the ransomware attack attributed to China-affiliated hackers, but the new announcement brings China into the first rank of cyberthreats against the United States and other democratic allies — and not always for pure strategic advantage.
“What we saw [that was] really surprising and new here was the use of criminal contract hackers, as I said, to conduct this unsanctioned cyberoperation and the — really, the criminal activity for financial gain,” the senior administration official said. “That was really eye-opening and surprising for us.”
Biden’s team issued the accusation in a coordinated announcement with not only NATO but also the European Union, the Five Eyes intelligence-sharing clique — which includes Australia and New Zealand, in addition to the United Kingdom, Canada, and the U.S. — and Japan.
“We’re really excited about the breadth of this attribution,” the senior administration official added. “It highlights just the number of victims of Chinese malicious cyberactivity and the degree to which countries increasingly recognize that there’s power in collective defense and that working together will be just far more effective in countering this activity.”