Hackers associated with China are allegedly responsible for a massive wave of recent cyber attacks targeting thousands of businesses, governments, and non-profit organizations in the western world, according to countries that make up the Five Eyes spying alliance of the U.S., UK, Canada, Australia, and New Zealand.
The Five Eyes countries, along with additional global powers like the European Union, Japan, and NATO, all issued warnings early Monday pointing the finger at the People’s Republic of China (PRC) for hacks such as the Microsoft Email Exchange attack, first made public in March.
“The PRC’s pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world,” the White House said in a statement published online.
“Today, countries around the world are making it clear that concerns regarding the PRC’s malicious cyber activities is bringing them together to call out those activities, promote network defense and cybersecurity, and act to disrupt threats to our economies and national security,” the White House continued.
The British used even more harsh language than the White House in its statement Monday morning, repeatedly calling China’s alleged cyberattacks “reckless.”
“The Chinese government has ignored repeated calls to end its reckless campaign, instead allowing its state-backed actors to increase the scale of their attacks and act recklessly when caught,” the UK government claimed in a press release.
“This coordinated action today sees the international community once again urge the Chinese government to take responsibility for its actions and respect the democratic institutions, personal data and commercial interests of those with whom it seeks to partner,” the UK statement continued.
“The UK is calling on China to reaffirm the commitment made to the UK in 2015 and as part of the G20 not to conduct or support cyber-enabled theft of intellectual property of trade secrets.”
The European Union’s statement was more muted, compared with the UK, but still condemned the alleged cyberattacks by Chinese-affiliated hackers.
“The compromise and exploitation of the Microsoft Exchange server undermined the security and integrity of thousands of computers and networks worldwide, including in the member states and EU institutions. It allowed access to a significant number of hackers that have continued to exploit the compromise to date,” the EU said in a statement.
“This irresponsible and harmful behavior resulted in security risks and significant economic loss for our government institutions and private companies, and has shown significant spill-over and systemic effects for our security, economy and society at large,” the EU continued.
“We have also detected malicious cyber activities with significant effects that targeted government institutions and political organizations in the EU and member states, as well as key European industries. These activities can be linked to the hacker groups known as Advanced Persistent Threat 40 and Advanced Persistent Threat 31 and have been conducted from the territory of China for the purpose of intellectual property theft and espionage,” the EU claimed.
The unusual and globally coordinated effort from such a broad range of countries will only worsen geopolitical hostilities that have emerged during the New Cold War. But at this point it’s unclear things could get any worse anyway.
“The United States is deeply concerned that the PRC has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit,” the White House claimed.
“As detailed in public charging documents unsealed in October 2018 and July and September 2020, hackers with a history of working for the PRC Ministry of State Security (MSS) have engaged in ransomware attacks, cyber enabled extortion, crypto-jacking, and rank theft from victims around the world, all for financial gain.”
The White House also alleges that some hackers have participated in ransomware attacks for their own personal profit, all with the implicit permission of Beijing, according to the Biden administration.
“In some cases, we are aware that PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars. The PRC’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts,” the White House statement said.
The Department of Justice is also expected to announced charges on Monday against four hackers allegedly affiliated with China’s MSS and the attack on Microsoft, though DOJ had not yet formally released any new information.
“The US Department of Justice is announcing criminal charges against four MSS hackers addressing activities concerning a multiyear campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defense, education, and healthcare in a least a dozen countries. DOJ documents outline how MSS hackers pursued the theft of Ebola virus vaccine research and demonstrate that the PRC’s theft of intellectual property, trade secrets, and confidential business information extends to critical public health information,” according to the White House.
As the Financial Times notes, roughly 30,000 different entities have been targeted by China for cyberattacks, at least according to the White House. The most high-profile of those entities have included the Colonial Pipeline and JBS meatpacking ransomware attacks. Both Colonial and JBS paid the hackers to retrieve their data.
“By exposing the PRC’s malicious activity, we are continuing the Administration’s efforts to inform and empower system owners and operators to act,” the White House said.
“We call on private sector companies to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.”