Britain and its international partners have accused China of being a global threat carrying out “systematic cyber sabotage” on a massive scale, using criminal hacking groups for spying, data theft, blackmailing businesses and targeting political opponents.
Just one attack, on Microsoft Exchange email services, affected a quarter of a million servers worldwide, ranging from government departments and security installations to commercial concerns and civic society organisations.
The organised hacking last March was one of an increasing number of hacking missions instigated by Beijing, according to a newly formed alliance of states. In its first joint statement, the alliance publicly identifies Beijing as being responsible for aggressive cyber warfare and warns that “it will be held to account” over its actions.
The group, formed by the US and other Nato member states, the European Union, Australia, New Zealand and Japan, has agreed to pool resources to counter the offensive through sharing intelligence and technology.
The attacks, the allies charge, are carried out by criminal hacking groups with the active backing of China’s Ministry of State Security. Their wide-ranging and expanding activities include not just espionage, but extortion by spreading ransomware and cryptojacking.
The state-sponsored blackmail means that the Chinese government is complicit in demanding millions of dollars from private companies in exchange for digital keys that allow victims to regain access to their computer networks, say western security officials.
The British government has named a number of hacking groups as being backed by Beijing’s State Security Ministry for political and commercial intelligence gathering, to destabilise states and use clandestine means in pursuit of foreign policy.
The National Cyber Security Centre (NCSC) identified “APT40” and “APT31”, HAFNIUM, TEMP.Periscope, TEMP.Jumper, Leviathan, Judgement Panda, Zirconium and Red Keres as responsible for the attacks. As well as the Microsoft infiltration, they had targeted defence contractors in Europe and the US, political figures critical of Beijing, the parliament in Finland, elections in countries neighbouring China, and opponents of Beijing’s “Belt and Road” programme – a strategy seen as promoting Chinese hegemony through debt dependency.
In the US, the National Security Agency, FBI and Cybersecurity and Infrastructure Security Agency published details of more than 50 tactics Chinese state-sponsored hackers use when targeting western networks, including spearphishing emails with malicious attachments and exploitation of public-facing applications.
The accusations against the Chinese government came on the same day that indictments were unsealed in Washington showing that the US administration has charged four Chinese nationals affiliated with the Ministry of State Security with a campaign to hack into computer systems of dozens of companies, universities and government agencies in the US and abroad between 2011 and 2018. The documents allege that Ebola vaccine research was among the hackers’ targets.
The British foreign secretary, Dominic Raab, said: “The Chinese government must end this systematic cyber sabotage and can expect to be held to account if it does not.”
The US secretary of state, Antony Blinken, said: “Responsible states do not indiscriminately compromise global network security nor knowingly harbour cyber criminals – let alone sponsor or collaborate with them. These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS (Ministry of State Security) had them on its payroll.”
The European Union’s foreign policy chief, Josep Borrell, added that the cyberattack was conducted from China and “resulted in security risks and significant economic loss for our government institutions and private companies”.