U.S., allies accuse China of global cyber hacking campaign
Send a link to a friend
 [July 19, 2021]
By Steve Holland and David Shepardson
WASHINGTON (Reuters) - The United States
and a coalition of allies on Monday accused China's Ministry of State
Security of a global cyber hacking campaign, specifically attributing a
large Microsoft attack disclosed earlier this year to hackers working on
Beijing's behalf.
Opening a new area of tensions with China, the United States is joined
by NATO, the European Union, Britain, Australia, Japan, New Zealand and
Canada to level the allegations, according to a White House fact sheet
released Monday morning.
The announcement comes a month after G7 and NATO leaders agreed with
President Joe Biden at summits in Cornwall, England, and Brussels in
accusing China of posing systemic challenges to the world order.
The governments "will formally attribute the malicious cyber campaign
utilizing the zero-day vulnerabilities in the Microsoft Exchange Server
disclosed in March... to malicious cyber actors affiliated with the
(Chinese Ministry of State Security) with high confidence," the U.S.
senior administration official told reporters ahead of the announcement.
"The United States and our allies and partners are exposing further
details of the PRC's (People's Republic of China's) pattern of malicious
cyber activities and taking further action to counter it."
The Chinese embassy in Washington did not immediately respond to a
request for comment. Chinese officials have previously said China is
also a victim of hacking and opposes all forms of cyber attacks.
U.S. federal agencies, including the National Security Council, the FBI
and the National Security Agency, will outline more than 50 techniques
and procedures that "China state-sponsored actors" use in targeting U.S.
networks, the official said.
Chinese state-sponsored cyber actors consistently scan target networks
for critical and high vulnerabilities within days of the vulnerability’s
public disclosure, the 31-page U.S. cybersecurity advisory seen by
Reuters says.
"We will show how the PRC's MSS, Ministry of State Security, uses
criminal contract hackers to conduct unsanctioned cyber operations
globally, including for their own personal profit," the official said.
The United States in recent months has focused heavy attention on Russia
in accusing Russian cyberhackers of a string of ransomware attacks in
the United States.
In Monday's announcement, U.S. officials formally blamed the Chinese
government "with high confidence" for the hack that hit businesses and
government agencies in the United States using a Microsoft email
service. Microsoft has already accused China of responsibility.
[to top of second column]
|
Computer code is seen on a screen above a Chinese flag in this July
12, 2017 illustration photo. REUTERS/Thomas White/Illustration/File
Photo
The operation specifically exploited weaknesses in
Microsoft’s exchange program, a common email software. Cybersecurity
experts were shaken by the scale and volume of the incident,
totaling thousands of potential U.S. victims.
The senior Biden administration official said U.S. concerns about
Chinese cyber activities have been raised with senior Chinese
officials.
"Countries around the world are making it clear that concerns
regarding the PRC’s malicious cyber activity is bringing them
together to call out those activities, promote network defense and
cybersecurity, and act to disrupt threats to our economies and
national security," the official said.
The official said the scope and scale of hacking attributed to China
has surprised U.S. officials along with China's use of "criminal
contract hackers."
The governments will accuse Chinese-affliated actors with
"cyber-enabled extortion, crypto-jacking, and theft from victims
around the world for financial gain," the official said. "We're not
ruling out further action to hold the PRC accountable."
The United States and China have already been at loggerheads over
trade, China's military buildup, a crackdown on democracy activists
in Hong Kong, treatment of the Uyghurs in the Xinjiang region and
aggression in the South China Sea.
On Friday, the Biden administration issued an advisory to warn U.S.
businesses about risks to their operations and activities in Hong
Kong after China's imposition of a new national security law there
last year.
(Reporting by Steve Holland and David Shepardson; Editing by Lincoln
Feast and Chizu Nomiyama)
[© 2021 Thomson Reuters. All rights
reserved.] Copyright 2021 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
