US, UK allies blame Chinese government for Microsoft hack


WASHINGTON (BLOOMBERG) – The US, UK and allies formally attributed the Microsoft Exchange hack to actors affiliated with the Chinese government, and the US and other nations are joining in that assessment, escalating last week’s tensions between the White House and China.

The US and a group of allies said on Monday (July 19) that the Chinese government has been the mastermind behind a series of malicious ransomware, data theft and cyber-espionage attacks against public and private entities, including the sprawling Microsoft Exchange hack earlier this year.

The White House said that it was joining with European nations to expose the scale of China’s activity and will take steps to counter it.

“Responsible states do not indiscriminately compromise global network security nor knowingly harbour cyber criminals – let alone sponsor or collaborate with them,” Secretary of State Antony Blinken said in a statement.

“These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS had them on its payroll,” he said, referring to China’s Ministry of State Security.

“The Chinese Government must end this systematic cyber sabotage and can expect to be held to account if it does not,” UK Foreign Secretary Dominic Raab said on Monday in a statement.

The European Union’s foreign policy chief Josep Borrell said that the cyberattack was conducted from China and “resulted in security risks and significant economic loss for our government institutions and private companies.”

The activities were linked to the hacker groups Advanced Persistent Threat 40 and Advanced Persistent Threat 31, according to an EU statement on Monday.

The group of nations attributing the attack to China will also include Australia, Canada, New Zealand, Japan and the Nato group, marking the first condemnation by the North American-European alliance on China’s cyber activities, a senior Biden administration official said.

Monday’s announcement will add to the range of issues the US and China have been at odds over – including economic, military and political.

Those tensions intensified last week when the administration warned investors about the risks of doing business in Hong Kong with an advisory saying China’s push to exert more control over the financial hub threatens the rule of law and endangers employees and data.

The US also charged four Chinese nationals affiliated with the Ministry of State Security with a campaign to hack into computer systems of dozens of companies, universities and government entities in the US and abroad between 2011 and 2018. The indictment was unsealed on Monday.

The defendants and officials in the Hainan State Security Department (HSSD) tried to hide the Chinese government’s role in the information theft by using a front company, according to the indictment.

The campaign targeted trade secrets in industries including aviation, defense, education, government, health care, biopharmaceutical and maritime industries, according to a Justice Department statement.

Victims were in Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland, the United Kingdom and the United States.

“These criminal charges once again highlight that China continues to use cyber-enabled attacks to steal what other countries make, in flagrant disregard of its bilateral and multilateral commitments,” Deputy US Attorney General Lisa Monaco said in the statement.

President Joe Biden has called competition with China one of the defining challenges of the century. China’s leaders were surprised by the administration’s decision to leave in place tariffs imposed by former President Donald Trump, and were infuriated by its support for reopening a review of how the Covid-19 pandemic started – and whether it leaked from a lab in Wuhan.

With the report on Monday, the evidence presented is expected to show how China’s Ministry of State Security uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for its own personal profit, the official said.

The Chinese Ministry of Foreign Affairs did not immediately reply to a request for comment outside of office hours. In March, the ministry dismissed allegations that China-based government hackers were behind cyberattacks on Microsoft Exchange servers, accusing the company of making “groundless accusations,” and saying that tracing the source of cyberattacks is a “highly sensitive political issue.” China has long insisted that it is not a perpetrator but a victim of cyberattacks.

As part of the announcement, the National Security Agency, CISA and Federal Bureau of Investigation detailed more than 50 tactics Chinese state-sponsored cyber hackers used when targeting US and allied networks, along with advice and technical mitigation to confront threats, including spearphishing emails with malicious attachments, exploitation of public-facing applications and drive-by compromise.

The agencies also provided advice and technical mitigations to confront threats, such as installing patches to protect against system vulnerabilities, strengthening login and password requirements and storing critical information on air-gapped systems.

Among the threats is state-sponsored cyber extortion, also known as ransomware attacks, in which the Chinese government has demanded millions of dollars from private companies in exchange for digital keys that allow victims to regain access to their computer networks, the official said.

Microsoft Corp has previously attributed the hack to Chinese actors the software giant called Hafnium. The US’ assessment appears to support Microsoft’s conclusions, attributing the hack to MSS-affiliated actors with “high confidence,” the official said.

The attack against Microsoft’s Exchange email servers exploded over the course of two weeks between late February and early March. Microsoft first released software patches on March 2 to fix the critical vulnerabilities exploited in the hack. The attack exposed tens of thousands of victim email systems, including those of health-care facilities, manufacturers, energy companies and state and local governments.

Until now, most ransomware attacks had been attributed to Eastern European and North Korean operators. Now, the US is accusing the Chinese government of not only leading malicious cyber operations, but also of hiring mercenaries, according to the official. The claim accuses China of not only sponsoring espionage, but also supporting and possibly endorsing the work of cyber criminals executing these attacks.

Due to the breadth of victims around the world, the formal attribution came only after the US had attained a high confidence level on the source of the hack and could make the announcement in concert with allies, the official added.
