WASHINGTON – China was behind the massive hack that compromised tens of thousands of Microsoft Exchange email servers worldwide, the Biden administration said Monday, as the United States joined with other world powers to blame Beijing’s intelligence agency for a wide array of malicious cyber operations that targeted dozens of industries.
The United States, NATO, the European Union and other allies said China’s Ministry of State Security has been using contract hackers in a ransomware scheme designed to extort companies for millions of dollars, according to a senior administration official.
The sweeping condemnation from the U.S. and its allies came as the Justice Department announced indictments against four Chinese nationals, including three state security officers, who were accused in a yearslong hacking scheme in which they allegedly stole trade secrets, confidential business information, sensitive technologies and scientific research from dozens of companies, universities and government entities in several countries, including the United States.
Monday’s twin announcements highlight the worldwide cyberthreat the Chinese government poses, U.S. officials said. The Biden administration has confronted senior Chinese government officials about its cyber activities, the senior official said, although the White House has not announced sanctions or other punitive actions. The official said the United States is not ruling out further steps to hold China accountable.
“The breadth and duration of China’s hacking campaigns, including these efforts targeting a dozen countries across sectors ranging from healthcare and biomedical research to aviation and defense, remind us that no country or industry is safe,” Deputy Attorney General Lisa Monaco said. “Today’s international condemnation shows that the world wants fair rules, where countries invest in innovation, not theft.”
Secretary of State Antony Blinken said China’s contract hackers cost governments and businesses billions of dollars in stolen intellectual property and ransom payments.
“The (People’s Republic of China’s) Ministry of State Security has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain,” he said. “Responsible states do not indiscriminately compromise global network security nor knowingly harbor cyber criminals – let alone sponsor or collaborate with them.”
The global hack targeting Microsoft Exchange earlier this year exploited email server vulnerabilities and victimized a wide gamut of companies, including small businesses, local governments, healthcare companies and manufacturers.
Asked about the Microsoft Exchange hack, a Chinese Foreign Ministry spokesperson said China “firmly opposes and combats cyber attacks and cyber theft in all forms” and cautioned that attribution of cyberattacks should be based on evidence and not “groundless accusations,” The Associated Press reported.
Chinese nationals charged
The Justice Department on Friday unsealed an indictment against three officers of the Hainan State Security Department, a provincial arm of the Ministry of State Security, in a hacking scheme that targeted American and foreign companies, as well as government agencies, from 2011 to 2018.
The defendants allegedly used Hainan Xiandun Technology Development Co., Ltd. as a front company to hide the Chinese government’s role, while coordinating, facilitating and managing hackers at the now-disbanded company.
The conspiracy involved accessing networks by sending spear-phishing emails with links to fake websites designed to mimic the domains of legitimate companies and hijacking credentials to target multiple users and entities, according to the Justice Department.
The Justice Department said the hacking scheme targeted various industries – including defense, education, biopharmaceutical, aviation and maritime – whose proprietary information would economically benefit Chinese companies. Academic research on Ebola, MERS, HIV/AIDS and other diseases was also targeted.
Among those charged were Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin, all Ministry of State Security officers. Wu Shurong, a hacker whose job allegedly involved creating malware and infiltrating victims’ computer systems, was also charged in the case. They have not been found or arrested.
The defendants have been charged with conspiracy to commit computer fraud and conspiracy to commit espionage, which carry a combined maximum sentence of 20 years in prison.
Following the announcement, federal agencies described dozens of tactics and techniques they say were used by China’s sponsored hackers. A 31-page document published by the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency, or CISA, also outlined ways to mitigate attacks.
Contributing: Associated Press