The Biden administration has accused the Chinese government of partnering with criminal gangs to commit widespread cyber attacks, including one on Microsoft this year that has affected tens of thousands of organizations.
On Monday the United States issued an alert to government agencies and private companies accusing Beijing of a scheme of attacks involving extortion and theft. The warning added that attackers affiliated with the Chinese government had carried out ransomware attacks on private companies that included claims of millions of dollars.
Strong criticism of the Biden administration has been made alongside a coalition of allies, including the EU, the United Kingdom, Australia, Canada, New Zealand, Japan and NATO. It also marked a new front in Washington’s battle against a growing tide of ransomware attacks, which have been widely accused of gangs believed to operate outside of Russia.
A senior administration official said: “[China’s] MSS – Ministry of State Security – uses criminal contract hackers to conduct cyber operations without sanctions on the globe, even for their own personal gain ”.
“Its operations include criminal activities such as cyber-enabled extortion, crypto-jacking and theft of victims around the world to earn financially.”
The official added that the United States had a “high degree of confidence” that the MSS pay attack had made the offensive on Microsoft’s Exchange email application, which was released in March. A cybersecurity researcher said the attack affected at least 30,000 organizations, including businesses and local governments.
Cyber attacks proliferated during the Covid-19 pandemic in which hackers exploited vulnerabilities exposed by employees working remotely.
The US has been under increasing pressure to act. President Joe Biden warned his Russian counterpart Vladimir Putin this month that Moscow will face consequences if it fails to act against ransomware attackers, who typically take a company’s data or systems and demand payment to release them.
Biden’s threat has followed highly disruptive ransomware attacks on companies such as Colonial Pipeline, which has been forced to close temporarily, and JBS, the world’s largest meat processor.
U.S. officials also said they were “surprised” to find that individuals affiliated with China’s MSS were behind a ransomware attack where hackers demanded millions of dollars from an unnamed American company.
Monday’s alert was Washington’s stricter warning that Beijing was to blame for the widespread malicious cyber activity.
A senior administration official said: “The PRC’s pattern of irresponsible behavior in the cyberspace is inconsistent with its stated aim of being seen as a responsible leader in the world.”
Officials did not say which particular group of hackers or businessmen were responsible for the attacks.
The U.S. Department of Justice charged five Chinese nationals last September with hacking more than 100 companies around the world as part of a state-backed group called APT41.
Experts he said the group was unusual in that it conducted sophisticated espionage campaigns and criminal exploits. Justice department officials at the time accused Beijing of allowing cybercriminals to operate unpunished if they had also aided state authorities.
Separately, China was put on fire last summer by U.S. agencies including the FBI, which warned that Beijing and its affiliates were trying to steal coronavirus research by hacking health, pharmaceutical and research groups.