In its latest announcement surrounding cybersecurity, the Biden administration said Monday China was behind March’s Microsoft Exchange email server software hack. The hack compromised tens of thousands of computers around the world.
The video above shows White House Press Secretary Jen Psaki discussing the international effort to call China out.
The Microsoft Exchange hack was first identified in January. Experts quickly attributed the hack to China. An administration official said the government’s attribution to China took until now in part because the administration wanted to pair the announcement with guidance for businesses about tactics the Chinese have been using.
The White House also wanted to line up an international coalition of allies to call out China. The official said it was the first time NATO had condemned Beijing’s hacking operations.
The European Union and Britain also pointed the finger at China. The EU said malicious cyber activities that targeted government institutions, political organizations and key industries could be linked to Chinese hacking groups. The U.K.’s National Cyber Security Centre said the groups targeted maritime industries and naval defense contractors in the U.S. and Europe, as well as the Finnish parliament.
In a statement, EU foreign policy chief Josep Borrell said the hacking was “conducted from the territory of China for the purpose of intellectual property theft and espionage.”
The Justice Department charged four Chinese nationals prosecutors said were working with China’s Ministry of State Security in a hacking campaign that targeted dozens of computer systems. This includes companies, universities and government entities.
The Ministry of State Security has been using criminal contract hackers, who have engaged in cyber extortion schemes and theft for their own profit, according to a senior administration official.
A Chinese Foreign Ministry spokesperson has previously said China “firmly opposes and combats cyber attacks and cyber theft in all forms”. The ministry said attribution of cyberattacks should be based on evidence and not “groundless accusations.”
The majority of the most damaging and recent high-profile ransomware attacks have involved Russian criminal gangs. Though the U.S. has sometimes seen connections between Russian intelligence agencies and individual hackers, the use of criminal contract hackers by the Chinese government “to conduct unsanctioned cyber operations globally is distinct,” the official said.