U.S. and allies accuse China of ‘malicious cyber activity,’ including Microsoft Exchange hack

The U.S. and a large group of allies — Australia, Britain, Canada, New Zealand, Japan, NATO, and the European Union — today issued a coordinated warning to China about “malicious cyber activities.”

• Some countries blamed China for the Microsoft Exchange hack, reported four months ago, that affected thousands of companies. The White House said it had a “high degree of confidence” that China’s Ministry of State Security (MSS) was connected to the hack, a finding echoed in statements by “five eyes” allies Australia, Britain, Canada, and even New Zealand, which is usually the most reluctant to directly confront Beijing. Japan said it “strongly supports” these statements.
• NATO made a more general statement condemning “malicious cyber activity,” and merely added that its 30 member nations “acknowledge” the statements by allies that attributed blame for the Microsoft hack. NATO called on “all States, including China, to…act responsibly in the international system, including in cyberspace.”
• The EU warned of hacking “conducted from the territory of China,” but did not directly blame the MSS for the Microsoft hack.

The U.S. took several other actions to criticize China and build cybersecurity awareness among domestic companies, but stopped short of issuing sanctions like those placed on Russia after the much larger SolarWinds hack.

• Four Chinese nationals were indicted by the U.S. Justice Department for allegedly working with the MSS to steal intellectual property from dozens of organizations between 2011 and 2018.
• That indictment also “alleges that the Chinese government has done little to uphold a 2015 accord between China and the Obama Administration not to direct or support cyberattacks that steal corporate records for economic benefit,” the Wall Street Journal reports. Specifically, the Justice Department alleges that Chinese hackers installed malware on American computers within a month of that agreement.
• A cybersecurity advisory, with details on over 50 techniques used by hackers linked to the Chinese government, was jointly published by several U.S. federal agencies.
• Secretary of State Antony Blinken talked tough in a press release, accusing the MSS of having “fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain,” and vowing to work with partners and allies to “oppose digital authoritarianism.”

See also:

• U.S. accuses China of abetting ransomware attack / NBC
  “The U.S. has previously accused some hackers working for Chinese intelligence of using their skills to moonlight as cybercriminals for extra money. The announcement Monday marks the first time the U.S. has accused China of abetting ransomware attackers.”
  On The China Project in September 2020: DOJ sanctions 5 Chinese hackers operating with ‘tacit’ state support.
• U.S. accuses China of masterminding cyber attacks worldwide / FT (paywall)
  “The U.K. said for the first time on Monday that it considers two Chinese hacking groups, APT 40 and APT 31, to be linked to China’s MSS.”
• Norway says cyber attack on parliament carried out from China / Reuters (porous paywall)
• How China transformed into a prime cyber threat to the U.S. / NYT (paywall)