National Post (National Edition)
China behind massive cyber attack
Canada slams `harmful behaviour'
OTTAWA • Foreign Affairs Minister Marc Garneau joined Western allies in publicly blaming China for orchestrating a far-reaching hack on Microsoft email software earlier this year, saying it was part of a “pattern of irresponsible and harmful cyberspace behaviour” by the country.
In a statement, Global Affairs Canada named as responsible China's Ministry of State Security (MSS), saying Canada and its allies are “confident” that the state intelligence agency organized the attack. The department also identified on Monday a specific regional office within the MSS that had previously targeted Canada's defence, biopharmaceutical and oceanic technology sectors in a series of attacks in 2017 and 2018.
The statement follows the massive and unusually indiscriminate hack of Microsoft email software earlier this year, which infiltrated an estimated 400,000 servers and caused widespread forced shutdowns of government and corporate operations.
Microsoft disclosed the hack in March along with a software patch to sidestep aspects of its email program that had been exploited. The company at the time attributed the attack to a Chinese state-backed hacking group it referred to as Hafnium. The group had previously attempted to steal information from defence contractors, law firms and infectious disease experts, the company said at the time.
Joint statements by Western governments on Monday effectively marked an acknowledgment that Chinese state actors were in fact behind the attack, solidifying an earlier assessment by the private sector.
The U.S. government, joined by allies including Canada, the U.K., European Union, Japan, Australia, New Zealand, and the North Atlantic Treaty Organization (NATO), all put out similar statements placing the blame on China's MSS agency.
The statements come as Canadian intelligence agencies have been warning about increased cyber warfare tactics being used by foreign governments, most notably China and Russia, to steal commercially sensitive data or advance their geopolitical aims.
Global Affairs Canada said the Microsoft attack was likely carried out by the Advanced Persistent Threat Group 40 (APT 40), a group with direct ties to the People's Republic of China that the department described as a “highly sophisticated” network capable of achieving “sustained, covert access to Canadian and allied networks beyond the compromising of Microsoft exchange servers.”
“APT 40 almost certainly consists of elements of the Hainan State Security Department's regional MSS office,” GAC said in a statement. “This group's cyber activities targeted critical research in Canada's defence, ocean technologies and biopharmaceutical sectors in separate malicious cyber campaigns in 2017 and 2018.”
The joint statements are similar to communications by Western allies in 2018 following a strategic cyberattack by China that sought to secure data from dozens of foreign governments. The White House on Monday said that it was joining with European and other nations to expose the scale of China's activity, and will take steps to counter it.
“Responsible states do not indiscriminately compromise global network security nor knowingly harbour cyber criminals — let alone sponsor or collaborate with them,” Secretary of State Antony Blinken said in a statement.
U.K. Foreign Minister Dominic Raab decried “irresponsible cyber activity emanating from China,” while Australian Foreign Minister Marise Payne expressed “serious concerns about malicious cyber activities by China's Ministry of State Security.”
The U.S. on Monday also charged four Chinese nationals affiliated with the Ministry of State Security with a campaign to hack into computer systems of dozens of companies, universities and government entities in the U.S. and abroad between 2011 and 2018. The indictment, which was unsealed Monday, alleges that the hackers targeted, among other things, Ebola vaccine research.
President Joe Biden has called competition with China one of the defining challenges of the century. China's leaders were surprised by the administration's decision to leave in place tariffs imposed by former president Donald Trump, and were infuriated by its support for reopening a review of how the COVID-19 pandemic started — and whether it leaked from a lab in Wuhan.
Canadian counter-intelligence agencies, for their part, have been defending against attacks with increasing frequency. A recent report by the Communications Security Establishment (CSE) said it issued more than 2,500 foreign intelligence reports in 2020 to “alert and inform” government officials across 28 departments and agencies about attempted cyber attacks.
The agency last year had to provide assistance to the Government of Canada or its critical infrastructure partners 2,206 times, including 84 incidents “affecting Canada's health sector,” the same report said.
A separate study by the Canadian Security Intelligence Service (CSIS) found “espionage and foreign interference activity at levels not seen since the Cold War,” mostly involving Chinese and Russian-backed actors.
The Microsoft hack comes shortly after the high-profile hack of Texasbased software maker SolarWinds, which affected at least 100 companies and nine U.S. government agencies, including the U.S. Treasury and Commerce departments.