The Biden administration on Monday led a worldwide condemnation of China for state-sponsored ransomware attacks, accusing Beijing of a ‘pattern of malicious cyber activities’ that poses a ‘major threat to U.S. and allies’ economic and national security.’
The administration also announced it has determined that China was behind the April hack of the Microsoft Exchange Servers, which affected thousands of users and American businesses. The cyber criminals hit more than 30,000 servers in the US alone and hundreds of thousands worldwide.
And China is doing it for its own financial gain, the White House charged.
China is using ‘criminal contract hackers to conduct unsanctioned cyber operations globally, including to their own personal profit,’ a senior administration official told reporters on a briefing call Sunday night.
The United Kingdom, European Union, Australia, Canada, New Zealand, Japan, and NATO joined in the condemnation of Beijing as cyber hacks are surging around the world.
The Joe Biden administration led a worldwide condemnation of China for state-sponsored ransomware attacks
China is using cyberattacks as a way to advance its economy and become the dominant global superpower, the Justice Department has previously charged.
On Monday, the Justice Department made public that a federal grand jury in San Diego, California, indicted four Chinese nationals who hacked into the computer systems of dozens of victim companies, universities and government entities in the United States and abroad between 2011 and 2018.
The indictment ‘alleges that much of the conspiracy’s theft was focused on information that was of significant economic benefit to China’s companies and commercial sectors, including information that would allow the circumvention of lengthy and resource-intensive research and development processes,’ the DoJ said in a statement. It does not appear related to the Microsoft hack.
The US and its allies accused China’s Ministry of State Security of hiring contract cyber operators to conduct ransomware operations against private companies that include financial demands and millions of dollars.
Those companies include managed service providers, semiconductor companies, the Defense Industrial Base (DIB), universities, and medical institutions, according to the Biden administration.
These hackers are using a range of criminal activities – including cyber-enabled extortion, crypto-jacking, and theft from victims around the world – for their financial gain.
The senior administration official said the White House was concerned about the ‘aggressive behavior’ coming out China and has discussed the matter with senior officials in the Chinese government.
‘What we found really surprising and new here was the use of criminal contract hackers to conduct this unsanctioned cyber operation and really the criminal activity for financial gain. That was really eye-opening and surprising for us,’ the official said.
As part of its strike back, US government agencies exposed more than 50 tactics techniques and procedures Beijing is using to conduct these acts along with suggestions to mitigate them.
In Microsoft’s case, the company said four vulnerabilities in its software allowed hackers to access servers. Both the company and the White House encouraged users to update their systems with the fixes. Microsoft publicly linked the hack to China in March.
Monday is the first time the government has done, saying it has a ‘high degree of confidence’ that Beijing was behind it.
Additionally, there was at least one American company had been targeted for a ‘large’ ransom by Chinese hackers who asked for millions, the administration revealed, but declined to provide further details.
But, despite the concern, the US and its allies are taking no formal actions against China but, instead, is raising awareness of its activity.
‘We’re at that first important stage of bringing awareness,’ the official said.
‘The U.S. and our allies and partners are not ruling out further actions to hold the PRC [People’s Republic of China] accountable,’ the official added.
The U.S. has struggled to respond to the surge of cyber attacks against private companies, including the ransomware of Colonial Pipeline and JBS meat supplier – both of whom were targets of Russian-based cyber criminals. Prices of gas and meat went up in the aftermath with both companies paying millions in ransom against the advice of the U.S. government.
Ransomware attacks are surging worldwide
Russia has garnered the most attention for cyber hacking.
REvil – a Russian-based group of cyber hackers – earlier this month instigated the single, largest global ransomware attack on record when it crippled hundreds of companies worldwide.
REvil was able to breach Kaseya, a Miami-based IT firm, and use their malware protection product to target, it claims, up to 1 million different businesses in at least 17 different countries. Kaseya provides services to more than 40,000 organizations.
The senior administration official said the Chinese government’s use of contract hackers made it unique from Russia where many of the hackers operate independent of the government. The ‘criminal contract hackers to conduct unsanctioned cyber operations globally is distinct,’ the official said.