The U.S. today via a White House press release has formally accused the People's Republic of China for the hacks that targeted Microsoft Exchange earlier this year. Joined by the EU, UK, and NATO, the western conglomerate is convinced that China [via its Ministry of State Security (MSS)] actively hired hackers that would do its bidding, while attempting to obfuscate the true purpose behind their criminal endeavours. The result? Exploited vulnerabilities in Microsoft Exchange that led to thousands of compromised computers around the world, in a massive, several-year-long operation that "resulted in significant remediation costs for its mostly private sector victims.”
According to U.S. Secretary of State Antony Blinken, “These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the [Chinese Ministry of State Security (MSS)] had them on its payroll.” He also stated, "Responsible states do not indiscriminately compromise global network security nor knowingly harbor cyber criminals – let alone sponsor or collaborate with them."
Responsible states do not indiscriminately compromise global network security nor knowingly harbor cyber criminals – let alone sponsor or collaborate with them.
Secretary of State Antony Blinken
The charges accuse China of hiring a veritable army of hackers, whose sole purpose was to steal state secrets and intellectual property while wreaking havoc with services and infrastructure at the military, economic, and healthcare level. The Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Agency (CISA) all contributed toward a cybersecurity advisory (released today) detailing the alleged connections between the hacker's actions and China. The Department of Justice (DOJ) also publicly indicted four Chinese nationals working with the with China's MSS with charges of taking part in the global computer intrusion campaign. We're thus looking at a coordinated, metaphorical fusillade across US institutions against the alleged Chinese wrongdoings.
The EU is slightly less direct in its wording and appraisal of the issue at hand than the U.S., however. As they put it via a Foreign Affairs and Security Policy statement, "The EU and its member states strongly denounce these malicious cyber activities, which are undertaken in contradiction with the norms of responsible state behavior (...). We continue to urge the Chinese authorities to adhere to these norms and not allow its territory to be used for malicious cyber activities, and take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation.”
So, while the U.S. directly accuses China of orchestrating the hacks, the EU seems to be taking a more cautious approach in saying that China should be doing more to prevent any of these actions from being taken inside its borders — and to act decisively in thwarting them when they do.
