The U.S. and foreign members of the North Atlantic Treaty Organization (NATO) accused China of “irresponsible and destabilizing behavior in cyberspace” Monday as ransomware attacks against American companies continue.
President Joe Biden’s administration said it is highly confident the attack against Microsoft Exchange’s email service in March came about because of “malicious cyber actors affiliated with” China’s Ministry of State Security (MSS), according to a press release. The administration also believes that – contrary to recent attacks originating in Russia – China has “contract hackers” that work with the government directly. (RELATED: REPORT: Biden Administration To Create Task Force To Address China-Linked Cyber Attack Against Microsoft)
“The United States is deeply concerned that the PRC [People’s Republic of China] has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit,” the administration announced. “As detailed in public charging documents unsealed in October 2018 and July and September 2020, hackers with a history of working for the PRC Ministry of State Security (MSS) have engaged in ransomware attacks, cyber enabled extortion, crypto-jacking, and rank theft from victims around the world, all for financial gain.”
A senior administration official told reporters there have been reports that China-backed cyber operators have taken part in “ransomware operations against private companies that have included ransom demands of millions of dollars.” The official declined to give specifics beyond calling it “a large ransom request.”
“One of the reasons that we’ve put so much work into this attribution is because it really gave us new insights on the MSS’s work and on the kind of aggressive behavior that we’re seeing coming out of China,” the senior administration official noted.
MSS is a tight-lipped civilian intelligence agency. The U.S. “has raised its concerns” about “China’s broader malicious cyber activity” with government officials in the country, but stopped short of announcing any new punishment for Beijing. Essentially, Monday’s announcement was meant to send “an additional strong, united message of accountability to China,” according to the senior administration official.
BEIJING, CHINA – JUNE 28: Chinese President Xi Jinping waves as he attends the art performance celebrating the 100th anniversary of the Founding of the Communist Party of China on June 28, 2021 in Beijing, China. Ahead of the 100th anniversary of the party founding on July 1. Final preparations for events to mark the anniversary are under way in the Chinese capital. (Photo by Lintao Zhang/Getty Images)
“The first important piece is the publicly calling out the pattern of irresponsible malicious cyber activity, and doing it with allies and partners,” the official said.
NATO’s participation marks the first time the group is publicly criticizing China’s cyber attacks, CNN reported. The European Union and the Five Eyes countries are also joining the U.S. with similar announcements, the official added.
These efforts “will allow us to enhance and increase information sharing, including cyber threat intel and network defense information with public and private stakeholders, and expand diplomatic engagement to strengthen our collective cyber resilience and security cooperation,” the senior administration official said.
The joint condemnation of China’s actions follow multiple attacks against American companies that have, at times, crippled production of certain goods. Many of these attacks have been ransomware attacks attributed to groups in Russia. Biden has promised consequences for these attacks and pressured Russian President Vladimir Putin to act against bad actors in the country.
The attacks from China, the administration said in its press release, are “a major threat to U.S. and allies’ economic and national security.”