(Changes with the White House)
By Steve Holland and David Shepardson
WASHINGTON, July 19 (Reuters) – The United States and a coalition of allies accused China’s State Security Ministry on Monday of a global cyber-hacking campaign, specifically attributing a large Microsoft attack that was disclosed earlier this year to hackers working on behalf of Beijing.
Opening a new area of tension with China, the United States is joined by NATO, the European Union, Britain, Australia, Japan, New Zealand and Canada in leveling the allegations, according to a White House fact sheet released Monday morning.
The announcement comes a month after G7 and NATO leaders agreed with President Joe Biden at summits in Cornwall, England and Brussels to accuse China of posing systemic challenges to the world order.
Governments “will officially blame malicious cybercampaign using zero-day Microsoft Exchange server vulnerabilities disclosed in March … official told reporters ahead of the announcement.” The United States and our allies and partners lay out more details on the PRC (People’s Republic of China) model of malicious cyber activity and are taking further steps to counter it. ”
The Chinese Embassy in Washington did not immediately respond to a request for comment. Chinese officials have previously said that China is also a victim of hackers and opposes all forms of cyberattacks.
US federal agencies, including the National Security Council, the FBI and the National Security Agency, will showcase more than 50 techniques and procedures that “Chinese state-sponsored actors” use to target US networks, the official said.
Chinese state-sponsored cyber actors routinely scan target networks for critical and elevated vulnerabilities within days of public disclosure of the vulnerability, according to the 31-page U.S. cybersecurity advisory viewed by Reuters.
“We will show how the PRC’s MSS, the Ministry of State Security, uses criminal hackers to conduct unauthorized cyber operations globally, including for their personal benefit,” the official said.
In recent months, the United States has focused its attention on Russia by accusing Russian cyber hackers of a series of ransomware attacks in the United States.
In Monday’s announcement, US officials officially blamed the Chinese government “with great confidence” for the hack that hit US businesses and government agencies using a Microsoft messaging service. Microsoft has already accused China of responsibility.
The operation specifically exploited weaknesses in Microsoft’s exchange program, a common email software package. Cyber security experts were shocked by the scale and volume of the incident, totaling thousands of potential American victims.
Senior administration official Biden said U.S. concerns over Chinese cyber activities have been raised with senior Chinese officials.
“Countries around the world are making it clear that concerns about the PRC’s malicious cyber activity bring them together to call for these activities, promote network defense and cybersecurity, and act to disrupt threats to our economies and national security,” said the manager.
The official said the scale and scale of the hacking attributed to China had surprised US officials as well as China’s use of “criminal contract hackers.”
Governments will accuse actors affiliated with China of “extortion, cryptocurrency embezzlement and theft by victims around the world for the purpose of financial gain,” the official said. “We are not ruling out further steps to hold the PRC to account.”
The United States and China are already at loggerheads over trade, the strengthening of the Chinese military, the crackdown on democracy activists in Hong Kong, the treatment of Uyghurs in the Xinjiang region and the aggression in the South China Sea.
The Biden administration issued a notice on Friday warning U.S. companies of the risks to their operations and businesses in Hong Kong after China imposed a new national security law last year. (Reporting by Steve Holland and David Shepardson; Editing by Lincoln Feast and Chizu Nomiyama)