U.S. and Global Allies Blame China for Widespread Cybercrime, Including Massive Microsoft Exchange Hacking
In a move that could have serious repercussions on the already strained U.S.-China relationship, U.S. cyber officials accuse Chinese government-linked hackers of one of the biggest cyberattacks in the history of the United States.
According to a senior administration official, the FBI and NSA have “great confidence” that hackers under contract with the Chinese Ministry of State Security carried out the cyberattack on the Microsoft Exchange mail server this spring, a breach that exposed the networks of tens of thousands of U.S. private and public entities. Victims around the world included schools, hospitals, towns and pharmacies.
White House officials said the attack was just one example of “malicious cyber activity” carried out by Chinese hackers, including the use of “ransomware” to threaten businesses and extort millions of dollars.
In a Sunday call outlining the Biden administration’s findings, the senior official said China’s State Security Ministry “is using criminal hackers to conduct unauthorized cyber operations around the world, including for their own benefit.” The official revealed that hackers affiliated with the Chinese government were also responsible for a recent ransomware attack against an unnamed U.S. company.
The United States, joined by major global allies Australia, Canada, Japan, the United Kingdom, New Zealand and the European Union, officially called out the Chinese government for the behavior on Monday. Their intention is to signal to China that its cyber activities will inspire countries around the world to come together to protect their networks.
Although the White House is not expected to announce new punitive measures, the official said the administration “is not ruling out further action” to hold China to account.
The announcement comes at a time when most of the public’s attention has been directed at Russian hackers, including those who carried out recent ransomware attacks against U.S. companies such as the operator of the Colonial Pipeline and JBS.
There are, however, notable differences between Chinese and Russian cyberattacks. A senior administration official claims that there are close ties between hackers and the Chinese government: Essentially, hackers are in the pay of the government and operate on government orders. Russian hackers, on the other hand, have a more tenuous connection with official Russian intelligence agencies. The official also said the scale of Chinese attacks, such as the Microsoft Exchange hack, was “very telling to us.”
The scale of the attack, which took place in early March, stunned even seasoned cyber experts. “This is a huge, crazy hack,” said Christopher Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), of the attack in a tweet. David Kennedy, CEO of cybersecurity firm TrustedSec, called it “literally the biggest hack I’ve seen in my fifteen years” and noted that “there was no rhyme or reason” as to who was targeted. “It was literally ‘hack everyone you can in that short window of time and cause as much pandemonium and chaos as possible.’”
Microsoft blamed “a threatening state-sponsored actor … whom we call Hafnium” and explained in a blog post that “Hafnium operates out of China, and this is the first time that we are talking about its business. It is a highly qualified and sophisticated actor.”
But Chinese officials have denied responsibility, with Foreign Ministry spokesman Wang Wenbin insisting that China “strongly opposes and fights cyber attacks and cyber theft in all their forms.”
During President Obama’s second term, he and Chinese President Xi Jinping agreed that neither country will “knowingly support the theft of intellectual property through cybercrime.” But according to a memo released by the White House, Beijing-linked hackers still “aggressively” target U.S. and allied defense and semiconductor companies, as well as medical institutions and universities, to steal data, including personally identifiable information, amid the COVID-19 pandemic.
The memo also describes how Chinese hackers routinely use virtual private servers, using “small office and home office routers” to go unnoticed.
