US accuses China of masterminding cyber attacks worldwide

The Biden administration has accused the Chinese government of teaming up with criminal gangs to commit widespread cyber attacks, including one on Microsoft this year that affected tens of thousands of organisations.

The US on Monday issued an alert to government bodies and private companies that accused Beijing of a pattern of attacks that have involved extortion and theft. The warning added that attackers affiliated with the Chinese government had conducted ransomware attacks on private companies that have included demands for millions of dollars. 

The Biden administration’s blunt criticism was made alongside a coalition of allies, including the EU, UK, Australia, Canada, New Zealand, Japan and Nato. It also marked a new front in Washington’s battle against a rising tide of ransomware attacks, which have largely been blamed on gangs believed to be operating out of Russia.

A senior administration official said: “[China’s] MSS — Ministry of State Security — uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit.”

“Their operations include criminal activities, such as cyber-enabled extortion, crypto-jacking and theft from victims around the world for financial gain.”

The official added that the US had a “high degree of confidence” that attackers on the MSS payroll had carried out the offensive on Microsoft’s Exchange email application, which was disclosed in March. One cyber security researcher claimed that attack hit at least 30,000 organisations, including businesses and local governments.

Cyber attacks have proliferated during the Covid-19 pandemic as hackers exploited vulnerabilities exposed by employees working remotely.

The US has come under increasing pressure to take action. President Joe Biden warned his Russian counterpart Vladimir Putin this month that Moscow would face consequences if it failed to act against ransomware attackers, who typically seize a company’s data or systems and demand payment to release it.

Biden’s threat followed highly disruptive ransomware attacks on companies including Colonial Pipeline, which was forced to close temporarily, and JBS, the world’s largest meat processor.

US officials also said they were “surprised” to find that individuals affiliated with China’s MSS were behind a ransomware attack in which hackers demanded millions of dollars from an unnamed US company.

Monday’s alert was the starkest warning from Washington that Beijing was to blame for widespread malicious cyber activity.

One senior administration official said: “The PRC’s pattern of irresponsible behaviour in cyber space is inconsistent with its stated objective of being seen as a responsible leader in the world.”

The officials did not state which particular group of hackers or contractors were responsible for the attacks.

The US justice department charged five Chinese citizens last September for hacking more than 100 companies globally as part of a state-backed group known as APT41.

Experts said the group was unusual in that it carried out sophisticated espionage campaigns as well as criminal ventures. Justice department officials at the time accused Beijing of allowing cyber criminals to operate with impunity if they also helped state authorities.

Separately, China came under fire last summer from US agencies including the FBI, which warned that Beijing and its affiliates were attempting to steal coronavirus research by hacking healthcare, pharmaceutical and research groups.