After clashing with Russia, Biden accuses China of carrying out cybercrime operations against the United States
After confronting Russian President Vladimir Putin over cybersecurity at their summit last month, US President Joe Biden is rallying his allies to accuse China of sponsoring cybercrime activities around the world.
A senior Biden administration official described the campaign during a press call with reporters on Sunday evening, saying that “the United States has long been concerned about the irresponsible and destabilizing behavior of the People’s Republic of China in cyberspace “.
“The PRC’s model of irresponsible behavior in cyberspace is incompatible with its stated goal of being seen as a responsible leader in the world,” the official said.
The official underlined three points for the action plan to be unveiled on Monday.
First, it would include “an unprecedented group of allies and partners, including the European Union, the United Kingdom, Australia, Canada, New Zealand, Japan and NATO”, all alleging that China’s State Security Ministry “uses criminal hackers to conduct unauthorized cyber operations globally, including for their own personal gain.”
“Their operations include criminal activity, such as extortion, cryptocurrency embezzlement, and theft from victims around the world for financial gain,” the official said. “In some cases, we are aware of reports that cyber operators affiliated with the PRC government have carried out ransomware operations against private companies that have included ransom demands of millions of dollars. “
Second, the National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation (FBI) would issue a joint notice that “will outline more than 50 tactics, techniques, and procedures that Chinese state-sponsored cyber actors have used to target. the United States and its allies. networks, as well as advice on technical mitigation measures to deal with this threat, ”the official said.
The 31-page opinion, obtained by News week, explains in detail the observed activities attributed to China and the hackers it is accused of hiring, saying that “Chinese state-sponsored cyberactors aggressively target political, economic, military personnel and organizations, education and critical infrastructure (CI) of the United States and its allies to steal sensitive data, key critical and emerging technologies, intellectual property and Personally Identifiable Information (PII). “
The third point mentioned by the senior administration in Sunday’s appeal marked the most direct step to date.
“The United States government, along with our allies and partners, will officially attribute the malicious cybercampaign using the zero-day vulnerabilities in the Microsoft Exchange server disclosed in March, several months ago, to malicious cyber actors affiliated with the MSS with high confidence, “according to the official.
The attack reportedly affected up to 30,000 servers in the United States alone, with thousands more casualties overseas.
Hours after the appeal on Monday morning, the Justice Department released a statement regarding an unsealed indictment from the San Diego federal grand jury charging three people – Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin – of “coordinating , facilitate and manage hackers and linguists in Hainan Xiandun and other MSS front companies to conduct hacking operations for the benefit of China and its public and sponsored instruments. “
Targets would include those beyond the United States and also extend to Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, Africa of the South, Switzerland and the United Kingdom. Sectors allegedly affected included aviation, defense, education, government, healthcare, biopharmaceuticals and the navy.
“These criminal charges underscore once again that China continues to use cyber attacks to steal what other countries are doing, in blatant disregard of its bilateral and multilateral commitments,” Deputy Attorney General Lisa O. Monaco said in a statement. “The scale and duration of China’s hacking campaigns, including these efforts targeting a dozen countries in sectors ranging from healthcare and biomedical research to aviation and defense, remind us that no country or industry is safe. Today’s international condemnation shows that the world wants fair rules, where countries invest in innovation, not theft. “
FBI Deputy Director Paul M. Abbate said the office “will not allow the Chinese government to continue to use these tactics to gain unfair economic advantage for its companies and commercial sectors through criminal intrusions and of thefts, “while Acting US Attorney Randy Grossman for the Southern District of California argued that such actions” threaten our economy and our national security. “
This language was echoed in a statement by Secretary of State Antony Blinken, who referred to both the indictments and the efforts by the United States to attribute the attack on Microsoft Exchange Server to China.
“In addition to the PRC’s direct commitments not to engage in the theft of intellectual property for commercial purposes, the international community has set clear expectations and guidelines on what constitutes responsible behavior in cyberspace,” said Blinken. “Responsible states do not blindly compromise the security of the global network or knowingly host cybercriminals, let alone sponsor or collaborate with them.
The White House also released a backgrounder containing specific steps the Biden administration has taken to strengthen national cybersecurity, including a five-point plan to fund “state-of-the-art terminal security, the improving logging practices, moving to a secure cloud environment, upgrading security operations centers and deploying multi-factor authentication and encryption technologies ”, as well as a decree to strengthen cybersecurity and other initiatives.
“By exposing the malicious activity of the PRC, we are continuing the administration’s efforts to educate and empower system owners and operators to take action,” the factsheet reads. “We call on private sector companies to follow the lead of the federal government and take ambitious steps to increase and align investments in cybersecurity with the goal of minimizing future incidents. “
A statement then released by NATO did not go so far as to accuse China of orchestrating the attack on Microsoft Exchange Server, but “acknowledged” that member states Canada, the United States and the United Kingdom had it. made.
“In line with our recent Brussels summit communiqué, we call on all states, including China, to respect their international commitments and obligations and to act responsibly in the international system, including cyberspace,” the statement said. . “We also reiterate our willingness to maintain a constructive dialogue with China on the basis of our interests, on areas relevant to the Alliance such as cyber threats and on common challenges.”
The United States has previously accused Russia of carrying out both state-sponsored cyber attacks, including through the General Directorate of the Army, or GU, sometimes still referred to by its old name, GRU , and to tolerate criminal cyber-collectives on its territory. In March, Biden imposed a new round of sanctions on Moscow in response to last year’s massive SolarWinds hack and called on Putin to take action against Russian hackers.
The Kremlin has repeatedly rejected any notion of collusion with cyber collectives and signaled its willingness to suppress such behavior in the interest of bilateral cooperation on cyber issues.
The senior administration official on Sunday contrasted the behavior of US officials observed from Russia and China.
“On the Russian side,” the official said, “sometimes we see individuals working illegally. And we see, you know, links between Russian intelligence services and individuals, but that kind of … the global scale are distinct.
The official called the Chinese government’s alleged tactics “really revealing and surprising to us.”
Washington sees Beijing and Moscow as two of its main global competitors, but the latter is increasingly at the center of US foreign policy efforts to maintain its dominance in various fields, including cyber.
Chinese authorities have consistently denied any wrongdoing in the IT field and instead accused the United States of engaging in global espionage campaigns.
At the end of last month, China’s Permanent Representative to the United Nations Zhang Jun called for international unity in approaching cybersecurity during a debate at the United Nations General Assembly.
“In cyberspace, countries not only benefit from common opportunities and interests, but also face common challenges and assume shared responsibilities,” Zhang said at the time, quoted by China’s Foreign Ministry. . “They are increasingly becoming a community of destiny through happiness and unhappiness. The international community should work together in a common effort to protect cybersecurity and maintain international peace.”
He said world powers “should promote security through peacekeeping and prevent cyberspace from becoming a new battleground.”