On Monday, the Biden administration joined allied nations in formally naming People’s Republic of China (PRC) state-sponsored hackers as responsible for exploiting an estimated 250,000 servers in the Microsoft Exchange hack discovered in March, a senior administration official told American Military News on a press call Sunday.
The senior administration official said China’s Ministry of State Security (MSS) has used criminal contract hackers “to conduct unsanctioned cyber operations globally.” Along with the Microsoft Exchange hack, the senior official said other notable malicious cyber activity has included extortion, “cryptojacking,” cyber-assisted theft and ransomware operations targeting victims around the world.
Cryptojacking entails hacking into a victim’s computer and installing software that uses the victim’s computing power to mine cryptocurrencies, as well as stealing the victim’s existing cryptocurrency.
“The PRC’s actions threaten security, confidence, and stability in cyberspace,” the senior administration official said. “The U.S. and our allies and partners are not ruling out further actions to hold the PRC accountable.”
Secretary of State Antony Blinken said in a Monday statement that “The United States government, alongside our allies and partners, has formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims.”
The Department of Justice also announced charges on Monday against four Chinese nationals working with China’s Ministry of State Security (MSS) to hack into the computer systems of dozens of victim companies, universities and government entities in the United States and abroad between 2011 and 2018.
“As evidenced by the indictment of three MSS officers and one of their contract hackers unsealed by the Department of Justice today, the United States will impose consequences on PRC malicious cyber actors for their irresponsible behavior in cyberspace,” Blinken said.
In condemning the Chinese hacking operations, the U.S. was joined by allies in the European Union, United Kingdom, Australia, Canada, New Zealand, Japan and NATO. The senior administration official said this is the first time NATO has specifically condemned Chinese cyber activity.
“Today, the United States and our allies and partners are exposing further details of the PRC’s pattern of malicious cyber activity and taking further action to counter it, as it poses a major threat to U.S. and allies’ economic and national security,” the White House said in a statement. “An unprecedented group of allies and partners – including the European Union, the United Kingdom, and NATO – are joining the United States in exposing and criticizing the PRC’s malicious cyber activities.”
During the Sunday background call, the senior administration official said the U.S. has “made clear that we’ll continue to take actions to protect the American people from malicious cyber activity, no matter who’s responsible.” The official added, “We’re not ruling out further actions to hold the PRC accountable.”
The FBI, NSA and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory on Monday listing more than 50 tactics, techniques and procedures that Chinese-sponsored hackers have used to target U.S. and allied networks. The advisory provided the technical advice necessary to protect against those hacking methods.