The United States government and a coalition of allies, including the UK and the EU, have accused China of a orchestrating a global cyber hacking campaign that included the major Microsoft attack earlier this year.
A senior administration official speaking on behalf of the US government accused China’s Ministry of State Security of working with criminal hackers on a string of attacks that have included “cyber-enabled extortion, crypto-jacking and theft from victims around the world for financial gain.”
The accusations added that Chinese government-affiliated attackers had conducted ransomware attacks on private companies that have included demands of millions of dollars.
A coalition of ally governments including the UK, EU, Australia, Canada, Japan, New Zealand and Nato joined the Biden administration in accusing China of the attacks.
“The PRC’s MSS — Ministry of State Security — uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit,” the senior administration official said.
Foreign secretary Dominic Raab described the hacking campaign as “a reckless but familiar pattern of behaviour” from Beijing.
In a statement accusing the Chinese government of the cyber attack campaign, Raab said Beijing “must end this systematic cyber sabotage and can expect to be held to account if it does not”.
The US and allies also attributed the major cyber attack on Microsoft earlier this year to Beijing, making the accusation “with high confidence.”
The attacks, which took place in March, exploited vulnerabilities in Microsoft Exchange servers to gain access to tens of thousands of organisations in Asia and Europe, including the European Banking Authority.
It comes after the White House launched an emergency taskforce to look into the attack, which Microsoft had originally blamed on a hacker group with links to the Chinese state.
It marks a change of direction for cyber attack accusations from the US, after Russian hackers were blamed for a string of attacks on major US companies and government agencies after targeting vulnerabilities in Solar Winds software.
Although US allegations of Beijing’s involvement in cyberattacks are not uncommon, today’s statement stands out as seemingly far more serious than before.
“It is by far the most direct allegation the US government has made yet; this fits with our long-standing view that cybersecurity will increasingly become a focus of the US-China rivalry under the Biden administration,” said Cailin Birch, Global Economist at The Economist Intelligence Unit.
The number of allies who support the statement also suggests that cybersecurity is a unifying top concern in terms of China relations – but it is unlikely to translate into any formal measures, Birch predicts.
“This suggests that US-EU alignment on the issue only goes so far, and that several parties, potentially including the US government, are hesitant to escalate tensions with China at such a fragile point in the global economic recovery,” she added.