The United States, the European Union, NATO and other world powers on Monday accused the Chinese government of a broad array of malicious cyber activities, blaming its Ministry of State Security and hackers allegedly linked to it for a sophisticated attack on Microsoft’s widely used email server software earlier this year.
The condemnations represent the first time NATO, a 30-nation alliance, has denounced alleged Chinese cyberattacks and follow the Biden administration’s pledge in June to rally U.S. allies against Beijing’s behavior. The number of nations involved amounts to the largest condemnation of China’s cyber aggressions to date, U.S. officials said.
The joint statements stopped short, however, of punishing the country for its alleged actions, exposing the challenge of an alliance with deep business ties to China trying to confront the world’s second-largest economy.
China’s “pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world,” the White House said in a statement Monday.
From March: Biden administration moving to address a global compromise of Microsoft email servers
This is the first time Washington and other U.S. allies have assigned blame for the Microsoft Exchange hack, which compromised more than 100,000 servers worldwide. Microsoft alleged in March that its Exchange servers were compromised by a Beijing-backed hacking group that exploited several previously unknown flaws in the software.
By singling out China’s Ministry of State Security (MSS) and hackers operating “with its knowledge,” the United States and its allies are seeking to put forward a common cyber approach with allies and lay down “clear expectations on how responsible nations behave in cyberspace,” said a senior administration official speaking on the condition of anonymity in advance of the allies’ collective statements under ground rules set by the White House. Administration officials have raised concerns with senior Chinese officials about the Microsoft incident and broader malicious cyber activity, “making clear that [China’s] actions threaten security, confidence and stability in cyberspace,” the official said.
Merely affixing blame but failing to impose a consequence will not deter future activity, some analysts said.
“The lack of any sanctions by the U.S. government against Chinese cyberthreat actors is a huge problem that transcends four administrations,” said Dmitri Alperovitch, chairman of Silverado Policy Accelerator, a think tank. He noted that the E.U., which has lagged the United States in publicly attributing cyberattacks to foreign governments, last year imposed the first cyber sanctions, against two Chinese nationals and a Chinese company for a supply-chain hack known as Cloud Hopper.
“We need to stop treating China as if they have a special immunity to being held accountable, and we need to act in parity, as we have with the other major malicious cyber actors, including Russia,” Alperovitch said.
Biden tells Putin the U.S. will take ‘any necessary action’ after latest ransomware attack, White House says
The Biden administration is “not ruling out further action to hold [China] accountable,” the senior administration official said. “We’re also aware that no one action can change behavior, and neither can one country acting on its own,” the official added. “So we really focused initially on bringing other countries along with us.”
The allies and partners are also condemning Beijing for working with criminal hacker groups involved in ransomware attacks, which lock down computer systems pending payment, including at least one effort to extort a U.S. company for millions of dollars, the official said. Cybersecurity analysts have tracked ransomware attacks by Chinese criminals for years, and these incursions are generally not of the same scale as those conducted by Russia-based hackers.
“Showing how the MSS is using criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit . . . is very significant,” the official said.
The official added that Washington and its allies would be exposing “50 tactics, techniques and procedures Chinese state-sponsored cyber actors used when targeting U.S. and allied networks, along with advice for technical mitigations to confront this threat.”