WASHINGTON – The Biden administration on Monday publicly identified hackers connected to China’s top intelligence agency as responsible for a widespread cyberattack this year on Microsoft Corp. email software, as part of a global effort to condemn Beijing’s malicious cyber activities.
In addition, four Chinese nationals, including three intelligence officials, were charged with separate hacking activities.
The US government has “high confidence” that hackers associated with the Ministry of State Security (MSS) carried out the unusually indiscriminate hack of Microsoft Exchange Server software that surfaced in March, senior officials said.
“The United States and countries around the world blame the People’s Republic of China (PRC) for its irresponsible, disruptive and destabilizing behavior in cyberspace, which is a major threat to our economic and national security,” said Antony Blinken. The MSS, he added, has “fostered an ecosystem of criminal contract hackers who carry out both government-sponsored activities and cybercrime for their own financial gain.”
The UK and European Union joined in on the attribution of hacking activity, which has left an estimated hundreds of thousands of mostly small businesses and organizations vulnerable to cyber intruders.
The US-led announcement is the Biden administration’s most significant move to date in relation to China’s longstanding campaign of cyberattacks against the US government and American corporations, which often includes routine nation-state espionage and the theft of valuable intellectual property such as marine technology and coronavirus vaccine data.
The Justice Department released a May grand jury indictment on Monday accusing four Chinese nationals and residents who work with the Ministry of State Security of being involved in a hacking campaign between 2011 and 2018 that aimed to benefit China’s companies and commercial sectors by stealing intellectual property and business information. The indictment did not appear to be directly related to the Microsoft Exchange Server breach, but it did accuse the hackers of stealing information from companies and universities about Ebola virus research and other topics to help the Chinese government and Chinese companies.
The attribution of the Microsoft hack to China was part of a wider global condemnation of Beijing’s cyberattacks by the US, European Union, UK, Canada, Australia, New Zealand, Japan, and the North Atlantic Treaty Organization (NATO). While the statements varied, the international cohort generally called out China for harmful cyber activities, including intellectual property theft. Some accused the MSS of using criminal contractors to conduct unauthorized cyber operations around the world, including for their own personal gain.
US authorities have been accusing China of widespread hacker attacks on American companies and government agencies for years. China has historically denied the allegations. A spokesman for the Chinese embassy in Washington did not immediately respond to a request for comment.
The Exchange Server hack was disclosed by Microsoft in March along with a software patch to fix the bugs exploited in the attack. Microsoft identified the perpetrators at the time as a Chinese cyber-espionage group with state connections, which it calls Hafnium, an assessment supported by other cybersecurity researchers. The Biden administration had not previously offered an attribution; Monday’s statement largely agreed with the private-sector conclusions while providing a more detailed identification.
The attack on Exchange Server systems began slowly and clandestinely in early January, carried out by hackers who have historically targeted researchers, law firms and universities, according to cybersecurity officials and analysts. But the pace of operations appeared to pick up when other China-affiliated hacking groups got involved and infected thousands of servers as Microsoft worked to push a software patch to its customers in early March.
Also on Monday, the National Security Agency, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency jointly released technical details of more than 50 tactics and techniques favored by hackers affiliated with the Chinese government, the official said. Such lists are common when the United States uncovers or highlights malicious hacking campaigns and are intended to help businesses and critical infrastructure operators better protect their computer systems.
Cybersecurity experts have been urging the Biden administration to respond to China’s alleged involvement in the Microsoft email hack for months. Cybersecurity expert Dmitri Alperovitch of the think tank Silverado Policy Accelerator said the coordinated global condemnation of China was a welcome and overdue development.
“The Microsoft Exchange hacks by MSS contractors are the most ruthless cyber operations we’ve seen by Chinese actors – far more dangerous than the Russian SolarWinds hacks,” Alperovitch said, referring to the widespread cyber-espionage campaign discovered last December that, along with other suspected activity, led to a series of punitive measures against Moscow.
Criticizing the lack of any sanctions against China, Mr. Alperovitch said it raised questions about why Beijing appears to be evading harsher penalties, especially when compared with those imposed on Russia.
“Failure to sanction PRC-related actors has been one of the most productive and perplexing mistakes of our China policy that has transgressed governments,” Alperovitch said, referring to the People’s Republic of China. Monday’s public shaming without further punishment “looks like a double standard compared to actions against Russian actors. We treat China with kid gloves.”
The senior official said the Biden administration is aware that no single measure will change the Chinese government’s malicious cyber behavior and that the focus is on bringing countries together around a unified stance on Beijing. The list of nations condemning China on Monday was “unprecedented,” the official said, noting that this is the first time NATO itself has explicitly done so.
“We have made it clear that we will continue to take steps to protect the American people from malicious cyber activity, regardless of who is responsible,” the official said. “And we are not ruling out further measures to bring the PRC to account.”
The new indictment states that members of a provincial division of the Chinese intelligence agency in southern Hainan Province set up a bogus company that described itself as an information security company and directed its employees to target dozens of victims in the US, Austria, Cambodia and several other countries.
The defendants, three of whom are identified as intelligence officers, are not in US custody. Some cybersecurity experts have said that charges against foreign state-sponsored hackers often have little impact because the accused are rarely brought before an American courtroom. US officials have defended the practice, saying it will help convince allied governments, the private sector and others of the scope of the problem.
The group is accused of hacking dozens of schools, businesses, and government agencies around the world, from research facilities in California and Florida that focus on virus treatments and vaccines, to a Swiss chemical company that makes marine paints, to a university in Pennsylvania with a robotics engineering program, the National Institutes of Health and two Saudi Arabian government ministries. The companies and universities are not named in the indictment.
The hackers allegedly used fake spear-phishing emails and stored stolen data on GitHub, the indictment said. They coordinated with professors at a Chinese university, among other things to identify and recruit hackers for their campaign, it said. The alleged breach of the NIH dates to August 2013, according to the indictment.