Security

US, NATO Accuse China of Massive Microsoft Hack

cyberwarfare hacker

The administration of U.S. President Joseph R. Biden accused the People’s Republic of China Monday of using contract hackers to conduct malicious cyber operations globally.

Joining the Biden administration in its condemnation of China were the European Union, United Kingdom, and NATO.

Today’s announcement builds on the progress made from the president’s first foreign trip, the White House said in a statement.

From the G7 and EU commitments around ransomware to NATO adopting a new cyber defense policy for the first time in seven years, the statement continued, the president is putting forward a common cyber approach with our allies and laying down clear expectations and markers on how responsible nations behave in cyberspace.

It maintained that hackers with a history of working for China’s Ministry of State Security have engaged in ransomware attacks, cyber-enabled extortion, crypto-jacking, and rank theft from victims around the world, all for financial gain.

The White House added that China’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts.

In addition to its condemnation of China, the administration announced that the U.S. Justice Department has filed charges against four Ministry of State Security hackers allegedly engaged in a multiyear campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defense, education and healthcare in at least a dozen countries.

Microsoft Exchange Targeted

The White House also said that it could attribute with a high degree of confidence that cyber actors affiliated with China’s Ministry of State Security conducted espionage operations using Zero Day vulnerabilities to compromise Microsoft Exchange servers, which the company made public in March.

Before Microsoft could release its security updates, the Chinese threat actors exploited those vulnerabilities to compromise tens of thousands of computers and networks worldwide in a massive operation that resulted in significant remediation costs for its mostly private sector victims, the White House added.

 

“Attributions like these will help the international community ensure those behind indiscriminate attacks are held accountable,” Tom Burt, corporate vice president for customer security and trust at Microsoft, said in a statement.

“The governments involved in this attribution have taken an important and positive step that will contribute to our collective security,” he observed.

Significant Business Threat

Lance Hoffman, professor emeritus of computer science at George Washington University in Washington, D.C., noted that nations, criminal groups, and individuals are all on the digital battlefield, whether they want to be or not.

“That’s why it is very significant that NATO and other U.S. allies condemn China,” he told TechNewsWorld. “No place or person will be free from ongoing cyberattacks until all nations put in place universal rules of the road and enforcement mechanisms that apply to individuals and groups within their borders.”

While attributing the source of specific cyberattacks can be problematic, Ben Read, director of analysis at Mandiant Threat Intelligence, a provider of incident response and forensic services in Alexandria, Va., noted the U.S. and its allies appear to be on solid ground calling out China.

“The statements today by multiple governments naming the People’s Republic of China as responsible for the widespread exploitation of Microsoft Exchange servers in the spring is consistent with Mandiant’s previous findings,” he said in a statement.

“The indictment highlights the significant threat to multiple businesses from Chinese espionage,” he noted. “The group’s focus on biomedical research shows that emerging technologies are still a key target for Chinese espionage.”

“Alongside that,” he continued, “the theft of negotiating strategies underscores the risk posed to all companies doing business with China, not just those with high-value intellectual property.

Where Are the Sanctions?

Joseph Carson, chief security scientist at Thycotic, a provider of cloud identity security solutions in Washington, D.C. added, “Today marks a significant escalation in cyber politics with the formal accusation of China in an ongoing, widespread cyber offensive which includes targeting Microsoft Exchange servers and an undisclosed ransomware victim.”

“While the accusation points the finger at China,” he told TechNewsWorld, “it does not bring enough pressure to change China’s increasing cyber offensive campaigns.”

“Countries must collaborate collectivity to hold nations accountable for cyberattackers that operate within their borders,” he continued, “otherwise we will continue to see an escalation in cyberattacks without any action.”

While condemning China’s malicious cyber activities, the administration pulled up short on imposing sanctions on Beijing.

“The public condemnation is in all likelihood a warning shot across China’s bow,” observed Purandar Das, CEO and co-founder of Sotero, a data protection company in Burlington, Mass.

“Action probably has already been taken against specific targets,” he told TechNewsWorld. “Those actions will be what dissuades or reduces this activity from China.”

Mark Kedgley, CTO of New Net Technologies, of Naples, Fla., now part of Netwrix, a provider of change management software, noted that it took several weeks after North Korea was attributed with the Sony Entertainment hack before sanctions were imposed on that nation.

However, he told TechNewsWorld, “Bullying North Korea is easy, but muscling China is way more difficult and likely to come with a heavy price of self-harm, so strong words rather than actions are probably as far as this will go.”

Dealing With China

Biden may be withholding sanctions against China in the hopes his administration can repeat the success of the Obama administration when it called out Beijing on rampant hacker attacks on corporations to steal intellectual property.

At that time, an informal accord was reached with China on malicious cyberactivity aimed at businesses. “Following that agreement, we saw a dramatic drop in espionage attacks from China,” said Richard Stiennon, founder and chief research analyst with IT-Harvest, a cybersecurity industry analyst firm in Birmingham, Mich.

“During the Trump administration, the hacks resurfaced in a big way because Trump was so anti-China,” he told TechNewsWorld. “Biden is hoping to get back to the kind of agreement Obama had with China.”

“While he might not have any success with Putin, I think it might work with China,” he added.

“Dealing with Russia is also different from China because it has nothing we want,” he continued. “We don’t need their oil or their gas. But we need everything that China has. Our technology economy depends on China to make our stuff. Imposing trade sanctions would be really bad for us.”

On the other hand, condemnation isn’t going to improve relations between Washington and Beijing, either.

“These actions, if true, are destabilizing to a relationship that desperately needs stability,” said Doug Barry, a spokesperson for the U.S.-China Business Council, a group of more than 200 companies that do business in China.

“The list of problems, sanctions, and grievances seem to grow by the day — yet the governments are not discussing them in any meaningful way,” he told TechNewsWorld.

“A planned visit to China by a senior U.S. official was reportedly canceled by the Chinese side,” he continued. “If ever there was a time for high-level talks, the time is now. Both countries have an obligation, not just to their own citizens but to the world, to address their differences in a responsible manner with a sense of urgency.”

John P. Mello Jr.

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Security

Technewsworld Channels