The United States and a coalition of allies accused China on Monday of a global cyber hacking campaign that employed contract hackers, specifically attributing a large Microsoft attack disclosed earlier this year to actors working on Beijing’s behalf, according to Reuters.
Opening a new area of tensions with China, the United States is joined by NATO, the European Union, Britain, Australia, Japan, New Zealand and Canada to level the allegations.
“The United States and countries around the world are holding the People’s Republic of China accountable for its pattern of irresponsible, disruptive, and destabilizing behaviour in cyberspace, which poses a major threat to our economic and national security,” said U.S. Secretary of State, Anthony Blinken in a statement on Monday.
The U.S. Justice Department stated that four Chinese nationals – three security officials and one contract hacker – were charged in a global hacking campaign aimed at dozens of companies, universities and government agencies in the United States and abroad. The activities took place between 2011 and 2018 that focused on information that would significantly benefit Chinese companies and businesses.
The opening of a new front in the governments’ war against hacking comes a month after G7 and NATO leaders agreed with President Joe Biden at summits in Cornwall, England, and Brussels in accusing China of posing systemic challenges to the world order.
“The governments formally attributed intrusions exploiting vulnerabilities in the Microsoft Exchange Server that were disclosed in March cyber actors affiliated with China’s Ministry of State Security,” said Blinken.
The Chinese Embassy in Washington did not immediately respond to a request for comment. Chinese officials have previously said China is also a victim of hacking and opposes all forms of cyberattacks.
U.S. officials said the scope and scale of hacking attributed to China has surprised them, along with China’s use of “criminal contract hackers.”
“U.S. security and intelligence agencies will outline more than 50 techniques and procedures that “China state-sponsored actors” use in targeting U.S. networks,’ said a senior administration official.
In Monday’s announcement, U.S. officials formally blamed the Chinese government “with high confidence” for the hack that hit businesses and government agencies in the United States using a Microsoft email service. Microsoft has already accused China of responsibility.
Victims were in Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland, the United Kingdom and the United States.
“These criminal charges once again highlight that China continues to use cyber-enabled attacks to steal what other countries make, in flagrant disregard of its bilateral and multilateral commitments,” Deputy U.S. Attorney General Lisa Monaco said in the statement.