The United States, the European Union, and the United Kingdom on Monday (July 19) jointly accused the Chinese government of conducting cyber attacks on a global scale, including the attack on Microsoft’s email server in March this year.
This is also the first time NATO, composed of 30 countries, condemned China for launching a cyber attack. Japan, Australia, Canada and New Zealand also joined the ranks.
At the same time, the U.S. Department of Justice sued four Chinese citizens, accusing them of attacking the websites of dozens of companies, universities, and government agencies in the U.S. and other countries between 2011 and 2018.
Liu Pengyu, a spokesman for the Chinese Embassy in the United States, criticized that the United States has repeatedly attacked and maliciously discredited China on cybersecurity issues. The Chinese mission to the EU also responded that the EU and NATO statements lacked facts and evidence, and emphasized that China is also a victim of cyber attacks.
What did the joint condemnation say
The United States and its allies pointed out that China has cultivated intelligence agencies, including contract hackers, who conduct unapproved cyber operations on a global scale, including for their own personal gain, causing governments, enterprises, and key infrastructure operators. Lost billions of dollars.
These countries also “highly affirmed” that malicious cyber actors serving the Ministry of National Security of China used Microsoft’s email system vulnerabilities to conduct cyber espionage activities in March this year, and carried out large-scale attacks on tens of thousands of computers and networks. Large-scale attacks have caused huge costs to private organizations.
US President Biden said that he believes that the Chinese government will not launch cyberattacks on its own, like the Russian government, but shelter those who do so, and even provide them with convenience.
The British Foreign Office stated that the Chinese government “ignored multiple calls to end its hasty actions, and instead allowed state-backed actors to expand the scale of their attacks and act hastily after being caught.”
The United Kingdom is reported to have privately proposed to Beijing for a long period of time to resolve the issue of China’s online activities, including submitting evidence files.
At the same time, the European Union stated that hacker attacks “brought security risks and significant economic losses to our government agencies and private companies.”
NATO said its member states “confirmed” similar accusations against Beijing by the United States, Canada and the United Kingdom. NATO said in its statement: “We call on all countries, including China, to uphold their international commitments and obligations and act responsibly in the international system, including cyberspace.”
The origin and development of the event
Earlier this year, the United Kingdom, the United States and the European Union accused China of carrying out a major cyber attack targeting Microsoft’s Exchange email server, affecting at least 30,000 organizations worldwide.
Hafnium is a hacker organization associated with China. In January of this year, the organization began to exploit the vulnerabilities of Microsoft Exchange to insert backdoors into the system so that it could be used again in the future. It mainly targets systems that are consistent with Hafnium’s goals, including defense contractors and think tanks. And university.
The United Kingdom stated that the attack is likely to provide conditions for large-scale espionage, including access to personal information and intellectual property.
A security source told the BBC: “We believe that the cyber agency under the control of the Chinese intelligence agency noticed Microsoft’s vulnerabilities in early January and took advantage of the vulnerabilities before the vulnerabilities became widely known.”
If it were that simple, it would be another espionage operation. But at the end of February, the situation changed significantly. Some other organizations within China began to exploit this loophole, and their targets gradually expanded, covering major industries and governments around the world.
Western security agencies believe that this marks the transformation of cyber espionage from targeted attacks to raids.
But it is difficult to understand why China’s behavior has changed. If the government authorizes the escalation of hacking operations, it means a major change in China’s thinking. If this is the case, what is even more worrying is that hackers are no longer afraid of being caught.
Western security sources believe that the hacker organization Hafnium learned in advance that Microsoft intends to patch or close the vulnerability, so before the vulnerability expires, it shared this information with Chinese companies to maximize benefits.
Western intelligence officials said that the situation is obviously more serious than they have seen in the past. They also said that it was China’s reckless behavior to spread cyber vulnerabilities that prompted the United States and its allies to publicly accuse China.
Microsoft disclosed this vulnerability on March 2 and provided a patch to close it.
Sanctions next?
Although these countries accused China of strong language, the statement did not propose specific punitive measures against China. The White House stated that it reserves the right to take more actions in response to China’s cyber attacks.
In April of this year, the White House accused Russia of launching the “SolarWinds” operation, imposing sanctions on Russia, sanctioning 32 entities and individuals on the grounds of providing false information and interfering in the US presidential election, and also banned U.S. banks from purchasing new issuances. Of Russian government bonds.
Many experts believe that the “solar wind” operation is not as serious as this one involving Microsoft. Some officials hope that China will be more motivated than Russia to solve problems in the face of international pressure.
The U.S. Department of Justice announced on Monday that it has filed criminal charges against four hackers from the Chinese Ministry of National Security. The charges involve long-term hacking operations against entities of foreign governments and key agencies, including maritime, aviation, defense, education, and medical institutions in at least 12 countries. .
According to the indictment, the defendant and officials of the National Security Department of China’s Hainan Province tried to use a front company to conceal the role of the Chinese government in information theft. The four indictees currently live in China.