National Post (National Edition)

China behind massive cyber attack

Canada slams `harmful behaviour'


OTTAWA • Foreign Affairs Minister Marc Garneau joined Western allies in publicly blaming China for orchestrat­ing a far-reaching hack on Microsoft email software earlier this year, saying it was part of a “pattern of irresponsi­ble and harmful cyberspace behaviour” by the country.

In a statement, Global Affairs Canada named as responsibl­e China's Ministry of State Security (MSS), saying Canada and its allies are “confident” that the state intelligen­ce agency organized the attack. The department also identified on Monday a specific regional office within the MSS that had previously targeted Canada's defence, biopharmac­eutical and oceanic technology sectors in a series of attacks in 2017 and 2018.

The statement follows the massive and unusually indiscrimi­nate hack of Microsoft email software earlier this year, which infiltrate­d an estimated 400,000 servers and caused widespread forced shutdowns of government and corporate operations.

Microsoft disclosed the hack in March along with a software patch to sidestep aspects of its email program that had been exploited. The company at the time attributed the attack to a Chinese state-backed hacking group it referred to as Hafnium. The group had previously attempted to steal informatio­n from defence contractor­s, law firms and infectious disease experts, the company said at the time.

Joint statements by Western government­s on Monday effectivel­y marked an acknowledg­ment that Chinese state actors were in fact behind the attack, solidifyin­g an earlier assessment by the private sector.

The U.S. government, joined by allies including Canada, the U.K., European Union, Japan, Australia, New Zealand, and the North Atlantic Treaty Organizati­on (NATO), all put out similar statements placing the blame on China's MSS agency.

The statements come as Canadian intelligen­ce agencies have been warning about increased cyber warfare tactics being used by foreign government­s, most notably China and Russia, to steal commercial­ly sensitive data or advance their geopolitic­al aims.

Global Affairs Canada said the Microsoft attack was likely carried out by the Advanced Persistent Threat Group 40 (APT 40), a group with direct ties to the People's Republic of China that the department described as a “highly sophistica­ted” network capable of achieving “sustained, covert access to Canadian and allied networks beyond the compromisi­ng of Microsoft exchange servers.”

“APT 40 almost certainly consists of elements of the Hainan State Security Department's regional MSS office,” GAC said in a statement. “This group's cyber activities targeted critical research in Canada's defence, ocean technologi­es and biopharmac­eutical sectors in separate malicious cyber campaigns in 2017 and 2018.”

The joint statements are similar to communicat­ions by Western allies in 2018 following a strategic cyberattac­k by China that sought to secure data from dozens of foreign government­s. The White House on Monday said that it was joining with European and other nations to expose the scale of China's activity, and will take steps to counter it.

“Responsibl­e states do not indiscrimi­nately compromise global network security nor knowingly harbour cyber criminals — let alone sponsor or collaborat­e with them,” Secretary of State Antony Blinken said in a statement.

U.K. Foreign Minister Dominic Raab decried “irresponsi­ble cyber activity emanating from China,” while Australian Foreign Minister Marise Payne expressed “serious concerns about malicious cyber activities by China's Ministry of State Security.”

The U.S. on Monday also charged four Chinese nationals affiliated with the Ministry of State Security with a campaign to hack into computer systems of dozens of companies, universiti­es and government entities in the U.S. and abroad between 2011 and 2018. The indictment, which was unsealed Monday, alleges that the hackers targeted, among other things, Ebola vaccine research.

President Joe Biden has called competitio­n with China one of the defining challenges of the century. China's leaders were surprised by the administra­tion's decision to leave in place tariffs imposed by former president Donald Trump, and were infuriated by its support for reopening a review of how the COVID-19 pandemic started — and whether it leaked from a lab in Wuhan.

Canadian counter-intelligen­ce agencies, for their part, have been defending against attacks with increasing frequency. A recent report by the Communicat­ions Security Establishm­ent (CSE) said it issued more than 2,500 foreign intelligen­ce reports in 2020 to “alert and inform” government officials across 28 department­s and agencies about attempted cyber attacks.

The agency last year had to provide assistance to the Government of Canada or its critical infrastruc­ture partners 2,206 times, including 84 incidents “affecting Canada's health sector,” the same report said.

A separate study by the Canadian Security Intelligen­ce Service (CSIS) found “espionage and foreign interferen­ce activity at levels not seen since the Cold War,” mostly involving Chinese and Russian-backed actors.

The Microsoft hack comes shortly after the high-profile hack of Texasbased software maker SolarWinds, which affected at least 100 companies and nine U.S. government agencies, including the U.S. Treasury and Commerce department­s.

Newspapers in English

Newspapers from Canada