China's Ministry of State Security 'uses criminal contract hackers to conduct unsanctioned cyber operations globally,' says US official
The United States on Monday led allies in a fierce condemnation of China over allegedly "malicious" cyber activity, accusing it of criminal extortion, issuing ransom demands to private firms and threatening national security.
In comments likely to further strain worsening relations between Washington and Beijing, a senior US official said that China's "irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world."
The United States, the European Union, Britain, Australia, Canada, New Zealand, Japan and NATO were united against the threat, the US official said, and would expose how China targets international cyber networks.
China's Ministry of State Security "uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit," the official said.
"Their operations include criminal activities such as cyber-enabled extortion, crypto-jacking, and theft from victims around the world for financial gain.
"We're aware of reports that PRC (China) government-affiliated cyber operators have conducted ransom operations against private companies that have included ransom demands with millions of dollars."
Later on Monday, the US-led alliance was due to announce details of action against China over the alleged cyber misconduct, and to reveal 50 "tactics, techniques and procedures Chinese state-sponsored cyber actors use."
The official said US allies were sharing technical advice on how to confront China, as Beijing's cyber security behavior "poses a major threat to the US and allies' economic and national security."
Not just Russia?
The United States will also on Monday formally accuse cyber actors affiliated to China's Ministry of State Security of conducting the massive Microsoft Exchange Server hack disclosed in March.
The hack, which exploited flaws in the Microsoft Exchange service, affected at least 30,000 US organizations including local governments and was already attributed to an "unusually aggressive" Chinese cyber-espionage campaign.
"We have raised our concerns about both the Microsoft incident, and the PRC broader malicious cyber activity with senior PRC government officials," the US official said.
Accusations of cyberattacks against the United States have recently focused on Russia, rather than China.
Last week, Washington offered $10 million in rewards for information about foreign online extortionists as it stepped up efforts to halt the sharp rise in ransomware attacks.
US officials say that many of the attacks originate in Russia, although they have debated to what extent there is state involvement. Russia denies responsibility.
This year has seen a slew of prominent ransomware strikes that have disrupted a major US pipeline, a meat processor and the software firm Kaseya, which affected 1,500 businesses.
Some $350 million was paid to malicious cyber actors last year, a spike of 300 percent from 2019, according to the Department of Homeland Security.
Details on the joint action against China were expected later Monday from the White House, the EU, NATO and others.
"The US and our allies and partners are not ruling out further actions to hold the PRC accountable," the US official said, adding, "This is the first time NATO has condemned PRC cyber activity.
"We're putting forward a common cyber approach with our allies, and laying down clear expectations of how responsible nations behave in cyberspace."