Up until now, Eastern European and North Korean hackers had been accused of most ransomware attacks. With Monday’s statements, the U.S. and its allies are accusing the PRC government of not only leading malicious cyber dealings but employing hackers to perform these cyber-attacks. The claim states that China is sponsoring espionage and supporting the work of the cybercriminals executing these attacks.
U.K. and European Union Support U.S. Statement
According to a statement from U.S. Secretary of State Anthony Blinken, “The United States and countries around the world are holding the People’s Republic of China accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security.” The U.K. is partnering with the U.S. in their condemning of the People’s Republic of China. On Monday, U.K. Foreign Secretary Dominic Raab stated, “The Chinese Government must end this systematic cyber sabotage and can expect to be held accountable if it does not.” The European Union’s foreign policy chief Josep Borrell also released a statement supporting the claim that the cyberattack was conducted from China and “resulted in security risks and significant economic loss for our government institutions and private companies.” The cyberattacks have been linked to the hacker groups Advanced Persistent Threat 40 and Advanced Persistent Threat 31, according to an EU statement on Monday from the Foreign, Commonwealth & Development Office, National Cyber Security Centre, and The Rt Hon Dominic Raab MP.
Biden Administration on Chinese Hacking
“The United States has long been concerned about the People’s Republic of China’s (PRC) irresponsible and destabilizing behavior in cyberspace. Today, the United States and our allies and partners are exposing further details of the PRC’s pattern of malicious cyber activity and taking further action to counter it, as it poses a major threat to U.S. and allies’ economic and national security,” per the statement from the White House on Monday. As part of the group statements, the National Security Agency, the Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation have released a cybersecurity advisory that details a variety of PRC state-sponsored cyber-attack techniques that have been used to target the U.S. and their allies, including those used during the Exchange Server attack.
U.S. DOJ Charges Chinese Hackers
The U.S. Department of Justice has charged four Chinese nationals with various hacking attacks on government agencies, universities, and businesses. The cyber-hacking campaign targeted trade secrets in various industries including government, defense, aviation, health care, biopharmaceutical, maritime, and educational industries, per a statement from the Department of Justice. “These criminal charges once again highlight that China continues to use cyber-enabled attacks to steal what other countries make, in flagrant disregard of its bilateral and multilateral commitments,” Deputy U.S. Attorney General Lisa Monaco said in the statement. Victims of the attack include organizations, businesses, and governments located in Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland, the United Kingdom and the United States.