US: China govt contracts criminal hackers, behind Microsoft cyberattack

The United States and allied nations have condemned China's "malicious" cyber activity, accusing Beijing of extortion and threatening national security, and promising consequences as it charged four Chinese nationals with hacking.

The Biden administration blamed China for a hack of Microsoft Exchange email server software that compromised tens of thousands of computers around the world earlier this year.

It also disclosed a broad range of other cyberthreats from Beijing, including ransomware attacks from government-affiliated hackers that have targeted companies with demands for millions of dollars.

"(China's) Ministry of State Security (MSS) has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain," said US Secretary of State Antony Blinken in a statement that is likely to further strain worsening relations between Washington and Beijing.

READ MORE: Hackers reportedly ask for $70M ransom to restore US firm's data

Four Chinese nationals charged in US

Meanwhile, the US Department of Justice said four Chinese nationals had been charged with hacking the computers of dozens of companies, universities and government bodies in the United States and abroad between 2011 and 2018.

"As evidenced by the indictment of three MSS officers and one of their contract hackers unsealed by the Department of Justice today, the United States will impose consequences on (Chinese) malicious cyber actors for their irresponsible behavior in cyberspace," Blinken said.

The United States, the European Union, Britain, Australia, Canada, New Zealand, Japan and NATO were united against the threat, a senior US official told reporters.

"The US and our allies and partners are not ruling out further actions to hold (China) accountable," the US official said, adding that it was the first time NATO had condemned Chinese cyber activity.

"We're putting forward a common cyber approach with our allies, and laying down clear expectations of how responsible nations behave in cyberspace," the official added.

READ MORE: Massive ransomware attack potentially hit 'more than 1,000 companies'

Warning to China

The Microsoft hack, which exploited flaws in the Microsoft Exchange service, affected at least 30,000 US organizations including local governments as well as organizations worldwide, and was already attributed to an "unusually aggressive" Chinese cyber-espionage campaign.

British Foreign Minister Dominic Raab said such attacks were part of a "reckless but familiar pattern of behavior."

"The Chinese Government must end this systematic cyber sabotage and can expect to be held account if it does not," Raab said in a statement.

The EU said that cyberattacks "that targeted government institutions and political organisations in the EU and member states, as well as key European industries" could be linked to hacker groups that conducted them "from the territory of China for the purpose of intellectual property theft and espionage." The block issued a statement condemning China's behavior and urging it to "take all appropriate measures" to clamp down on such activities.

Later on Monday, the US-led alliance was due to announce details of action against China over the alleged cyber misconduct, and to reveal 50 "tactics, techniques and procedures" used by Chinese state-sponsored cyber actors, a senior US official told reporters.

The US official said allies were sharing technical advice on how to confront China.

Russia more in focus

Accusations of cyberattacks against the United States have recently focused on Russia, rather than China.

Last week, Washington offered $10 million for information about foreign online extortionists as it stepped up efforts to halt the sharp rise in ransomware attacks.

US officials say that many of the attacks originate in Russia, although they have debated to what extent there is state involvement. Russia denies responsibility.

This year has seen a slew of prominent ransomware strikes that have disrupted a major US pipeline, a meat processor and the software firm Kaseya, which affected 1,500 businesses.

Some $350 million was paid to malicious cyber actors last year, a spike of 300 percent from 2019, according to the Department of Homeland Security.

A Chinese Foreign Ministry spokesperson, asked about the Microsoft Exchange hack, has previously said that China “firmly opposes and combats cyberattacks and cyber theft in all forms” and cautioned that attribution of cyberattacks should be based on evidence and not “groundless accusations.”