The US, Britain and their allies on Monday formally attributed the Microsoft Exchange hack to actors affiliated with the Chinese government and accused it of a broad array of “malicious cyber activities”, escalating last week’s tension between the White House and Beijing.
The group of nations said the Chinese government has been the mastermind behind a series of malicious ransomware, data-theft and cyber-espionage attacks against public and private entities, including the sprawling Microsoft Exchange hack this year.
“The Chinese government must end this systematic cyber sabotage and can expect to be held account if it does not,” UK Foreign Secretary Dominic Raab said in a statement.
The White House said it was joining European nations to expose the scale of China’s activity and will take steps to counter it.
“Responsible states do not indiscriminately compromise global network security nor knowingly harbour cyber criminals — let alone sponsor or collaborate with them,” Secretary of State Antony Blinken said in a statement.
“These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments and cybersecurity mitigation efforts, all while the MSS had them on its payroll,” referring to China’s Ministry of State Security.
The Chinese Ministry of Foreign Affairs did not immediately reply to a request for comment outside of office hours.
In March, the ministry dismissed allegations that China-based government hackers were behind cyber attacks on Microsoft Exchange servers, accusing the company of making “groundless accusations”, and saying that tracing the source of cyber attacks is a “highly sensitive political issue".
China has long insisted that it is not a perpetrator but a victim of cyber attacks.
The EU’s foreign policy chief Josep Borrell said the cyber attack was conducted from China and “resulted in security risks and significant economic loss for our government institutions and private companies".
The activities were linked to the hacker groups Advanced Persistent Threat 40 and Advanced Persistent Threat 31, an EU statement released on Monday said.
The group of nations attributing the attack to China includes Australia, Canada, New Zealand and Japan as well as Nato, marking the first condemnation by the North American-European alliance of China’s cyber activities, the senior Biden administration official said.
Monday’s announcement will add to the range of issues — including economic, military and political — the US and China have been at odds over.
This tension intensified last week when the administration warned investors about the risks of doing business in Hong Kong with an advisory saying China’s push to exert more control over the financial hub threatens the rule of law and endangers employees and data.
The US also charged four Chinese nationals affiliated with the Ministry of State Security with a campaign to hack into the computer systems of dozens of companies, universities and government entities in the US and abroad between 2011 and 2018.
The indictment, which was unsealed Monday, alleges that the hackers aimed to attack, among other things, Ebola vaccine research.
President Joe Biden has called competition with China one of the defining challenges of the century.
China’s leaders were surprised by the administration’s decision to leave in place tariffs imposed by former president Donald Trump, and were infuriated by its support for reopening a review of how the Covid-19 pandemic started — and whether the virus escaped from a lab in Wuhan.
With Monday’s report, the US aims to show how China’s Ministry of State Security uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for its own personal profit.
“In some cases, we are aware that [Chinese] government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars,” the White House said in a fact sheet.