US, NATO to ‘expose’ China for ‘malicious cyber activities’

(WASHINGTON) — The United States, several allies and partners and NATO are joining forces to “expose and criticize” China for a “pattern of malicious cyber activities,” announcing on Monday that China is profiting off some of the cyberattacks it’s supported, and officially saying it was behind the Microsoft Exchange server breach in March.

“We will show how the PRC [People’s Republic of China] MSS, Ministry of State Security, uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit,” senior administration officials said on a call with reporters Sunday night. “Their operations include criminal activities such as cyber-enabled extortion, cryptojacking and theft of victims around the world for financial gain.”

Officials said they also know of some “government-affiliated cyber operators conducting ransomware operations against private companies that have included ransom demands of millions of dollars.”

Senior officials said they found the MSS-affiliated ransomware attacks to be “surprising” and gave them “new insights” into how the MSS operates and the “aggressive behavior” coming out of China.

Asked how the tactics from the Chinese differ from similar attacks they see coming out of Russia, senior officials said they sometimes see “some connection” between Russian intelligence services and individuals, but “the MSS use of criminal contract hackers to conduct unsanctioned cyber operations globally is distinct.”

Joining the U.S. in this public announcement are the European Union, the United Kingdom, Australia, Canada, New Zealand, Japan and NATO. It’s the first time NATO has condemned Chinese cyber activities.

The FBI, NSA and the Cybersecurity and Infrastructure Security Agency released a list Monday of tactics, procedures and techniques used by Chinese state-sponsored cyber actors.

Among the trends, officials say these actors are “using a revolving series of virtual private servers (VPSs) and common open-source or commercial penetration tools.” They are also accused of looking for ways to exploit vulnerabilities in major applications, like “Pulse Secure, Apache, F5 Big-IP, and Microsoft products.”

The advisory also states that they are using a “full array of tactics and techniques to exploit computer networks of interest worldwide and to acquire sensitive intellectual property, economic, political, and military information.”

“Countries around the world are making it clear that concerns regarding the PRC malicious cyber activity is bringing them together to call out those activities, promote network defense in cybersecurity, and act to disrupt threat to our economies and national security,” a senior administration official said.

The group will also formally attribute the Microsoft Exchange server cyberattack in March to China’s Ministry of State Security (MSS) “with high confidence.”

Asked what caused the delay for the U.S. to officially point to China for that attack, a senior administration official said they wanted to work with allies and partners because victims of this attack were not just in the U.S.

Officials said they have raised these incidents with senior Chinese government officials and “are not ruling out further actions to hold the PRC accountable,” adding that their actions “threaten security, confidence and stability in cyberspace.”

Copyright © 2021, ABC Audio. All rights reserved.