The U.S. government on Monday blamed China for the cyberattack on Microsoft’s Exchange email server that compromised tens of thousands of computers worldwide this year.
The government and several allied countries also published an extensive list of cyberthreats attributed to Beijing, including ransomware attacks committed by government-associated hackers who targeted companies for ransom demands in the millions of dollars.
China’s Ministry of State Security has used hired computer criminals who engaged in extortion and theft schemes for personal gain, according to a senior U.S. government official. That official briefed the press on the investigation on condition of anonymity.
The announcements highlighted the growing virtual threat posed by Chinese government hackers at the same time that the U.S. government is struggling to thwart ransomware attacks by illegal groups in Russia against crucial infrastructure such as a major oil pipeline.
Although the indictment was not accompanied by sanctions for Beijing, the senior official briefing the press said the U.S. has directly addressed the issue with Chinese authorities and that the White House believes the public finger-pointing by several countries sends a relevant message.
The fact that hackers associated with the Ministry of State Security conducted a ransomware attack is surprising and troubling to the U.S. government, the official said. But the attack, in which a large dollar ransom was demanded from a U.S. company, also gave authorities more insight into the kind of aggressive behavior we have seen from China.
The European Union also blamed China for what it described as malicious virtual activities with significant effects against government institutions and political organizations in the EU and its 27 member states, as well as against important European industries.
The attack was made from China’s territory with the aim of espionage and intellectual property theft, EU foreign policy chief Josep Borrell said in a statement.
Most major and most damaging ransomware attacks have involved Russian criminal gangs. While the U.S. has sometimes identified ties between Russian intelligence agencies and individual hackers, the use of cybercriminals as contractors for the Chinese government to conduct unauthorized operations is striking, the official said.
The attack on Microsoft Exchange was identified in January and was quickly attributed to Chinese cyber spies through private groups. A government insider said it had not previously been attributed to hackers affiliated with the Chinese Ministry of State Security due in part to the discovery of the ransomware and for-profit operations, and because the government wanted to accompany the announcement with recommendations for companies on tactics employed in Chinese attacks.
A statement Monday from the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency detailed specific techniques and ways businesses and government agencies can protect themselves.
The White House also wanted to assemble an international coalition of allies to single out China, according to the official, who said it was the first time NATO had condemned Beijing’s hacking operations.
A Chinese Foreign Ministry spokesman who was asked in the past about the Microsoft Exchange attack said China firmly opposes and combats cyber attacks and cyber theft in all its forms and warned that attribution of cyber attacks should be based on evidence rather than baseless accusations.