U.S., Japan and other allies accuse China of global hacking spree

The United States and its allies accused China on Monday of a global cyberespionage campaign, mustering an unusually broad coalition of countries to publicly call out Beijing for hacking.

The United States was joined by NATO, the European Union, Australia, Britain, Canada, Japan and New Zealand in condemning the spying, which U.S. Secretary of State Antony Blinken said posed “a major threat to our economic and national security.”

Japan said it “strongly supports” the statements by the United States, Britain and other countries, which “express the determination to uphold the rules-based international order in cyberspace.”

“Malicious cyber activities that could potentially undermine the foundation of democracy embodied by free, fair and secure cyberspace cannot be condoned,” foreign press secretary Tomoyuki Yoshida said in a statement, adding Japan “firmly condemns and will take strict measures against these activities.”

State Department spokesman Ned Price said it was the first time that NATO — the Western military alliance whose members include Hungary and Turkey, which have comparatively cordial relations with Beijing — has condemned cyberactivity from China.

“We know we’ll be stronger, we know we’ll be more effective when we act collectively,” Price said, saying the United States was not ruling out further action.

Biden has promised a strategy driven by alliances to face Beijing, drawing a contrast with the predilection for harsh rhetoric of his predecessor, former President Donald Trump.

Simultaneously, the U.S. Department of Justice charged four Chinese nationals — three security officials and one contract hacker — with targeting dozens of companies, universities and government agencies in the United States and abroad.

A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, called the accusations against China “irresponsible.”

“The Chinese government and relevant personnel never engage in cyber attacks or cyber theft,” Liu said in a statement.

At an event about the administration’s infrastructure plan, U.S. President Joe Biden told reporters: “My understanding is that the Chinese government, not unlike the Russian government, is not doing this themselves, but are protecting those who are doing it. And maybe even accommodating them being able to do it.”

White House spokeswoman Jen Psaki was later asked at her daily briefing why Biden did not directly blame the Chinese government in his response to a reporter’s question.

“That was not the intention he was trying to project. He takes malicious cyber activity incredibly seriously,” Psaki said.

Psaki also said the White House does not differentiate between Russia and China when it comes to cyberattacks.

“We are not holding back, we are not allowing any economic circumstance or consideration to prevent us from taking actions … also we reserve the option to take additional action,” she said.

While a flurry of statements from Western powers represents a broad alliance, cyberexperts said the lack of consequences for China beyond the U.S. indictment was conspicuous. Just a month ago, summit statements by G7 and NATO warned China and said it posed threats to the international order.

Adam Segal, a cybersecurity expert at the Council on Foreign Relations in New York, called Monday’s announcement a “successful effort to get friends and allies to attribute the action to Beijing, but not very useful without any concrete follow-up.”

Some of Monday’s statements even seemed to pull punches. While Washington and its close allies such as the United Kingdom and Canada held the Chinese state directly responsible for the hacking, others were more circumspect.

NATO merely said that its members “acknowledge” the allegations being leveled against Beijing by the U.S., Canada, and the U.K.. The European Union said it was urging Chinese officials to rein in “malicious cyber activities undertaken from its territory” — a statement that left open the possibility that the Chinese government was itself innocent of directing the espionage.

The United States was much more specific, formally attributing intrusions such as the one that affected servers running Microsoft Exchange earlier this year to hackers affiliated with China’s Ministry of State Security. Microsoft had already blamed China.

U.S. officials said the scope and scale of hacking attributed to China had surprised them, along with China’s use of “criminal contract hackers” who Blinken said carry out both state-sponsored activities and cybercrime for their own financial gain.

U.S. security and intelligence agencies outlined more than 50 techniques and procedures that “China state-sponsored actors” use against U.S. networks, a senior administration official said.

Washington in recent months have accused Russian hackers of a string of ransomware attacks in the United States.

The senior administration official said U.S. concerns about Chinese cyberactivities have been raised with senior Chinese officials, and further action to hold China accountable was not being ruled out.

The United States and China have already been at loggerheads over trade, China’s military buildup, disputes about the South China Sea, a crackdown on democracy activists in Hong Kong and treatment of the Uyghurs in the Xinjiang region.

Blinken cited the Justice Department indictments as an example of how the United States will impose consequences.

The defendants and officials in the Hainan State Security Department, a regional state security office, tried to hide the Chinese government’s role in the information theft by using a front company, according to the indictment.

The campaign targeted trade secrets in industries including aviation, defense, education, government, healthcare, biopharmaceutical and maritime industries, the Justice Department said.

Victims were in Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland, the United Kingdom and the United States.

“These criminal charges once again highlight that China continues to use cyber-enabled attacks to steal what other countries make, in flagrant disregard of its bilateral and multilateral commitments,” Deputy U.S. Attorney General Lisa Monaco said in the statement.

Most ransomware attacks had previously been attributed to Eastern European and North Korean operators. Now the U.S. is accusing the Chinese government of not only leading malicious cyberoperations, but also of hiring mercenaries, according to the Biden administration official. The claim accuses China of not only sponsoring espionage, but also supporting and possibly endorsing the work of cybercriminals executing these attacks.

Due to the breadth of victims around the world, the formal attribution came only after the U.S. had attained a high confidence level on the source of the hack, and the announcement could be made in concert with allies, the official added.