U.S., allies accuse China of hack
WASHINGTON (AP) — The Biden administration and Western allies formally blamed China on Monday for a massive hack of Microsoft Exchange email server software and accused Beijing of working with criminal hackers on ransomware and other illicit cyber operations.
The announcements, though not accompanied by sanctions against the Chinese government, were intended as a forceful condemnation of activities a senior Biden administration official described as part of a "pattern of irresponsible behavior in cyberspace." They highlighted the ongoing threat from Chinese government hackers even as the administration remains consumed with trying to curb ransomware attacks from Russia-based syndicates that have targeted critical infrastructure.
The broad range of cyberthreats from Beijing disclosed on Monday included a ransomware attack from government-affiliated hackers that has targeted victims — including in the U.S. — with demands for millions of dollars. U.S officials allege that China's Ministry of State Security has been using criminal contract hackers who have engaged in
cyber extortion schemes and theft for their own profit, officials said.
Meanwhile, the Justice Department on Monday announced charges against four Chinese nationals who prosecutors said were working with the Ministry of State Security in a hacking campaign that targeted dozens of computer systems, including companies, universities and government entities. The defendants are accused of stealing trade secrets and confidential business information.
Unlike in April, when public finger-pointing of Russian hacking was paired with a raft of sanctions against Moscow, the Biden administration did not announce any actions against Beijing. Nonetheless, a senior administration official who briefed reporters said that the U.S. has confronted senior Chinese officials and that the White House regards the multination public shaming as sending an important message.
Even without fresh sanctions, the actions Monday are likely to exacerbate tensions with China at a delicate time. Just last week, the U.S. issued separate stark warnings against transactions with entities that operate in China's western Xinjiang region, where China is accused of repressing Uyghur Muslims and other minorities. Then on Friday, the administration advised American firms of the deteriorating investment and commercial environment in Hong Kong, where China has been cracking down on democratic freedoms it had pledged to respect in the former British colony.
The European Union and Britain also called out China. The EU said malicious cyber activities with "significant effects" that targeted government institutions, political organizations and key industries in the bloc's 27 member states could be linked to Chinese hacking groups.