The US and its Western allies formally accused China on Monday of being behind a sweeping cyberattack on Microsoft’s Exchange email servers, saying Beijing has been contracting with hackers to carry out operations.
The US, NATO, the European Union and the UK publicly attributed the March attack that compromised tens of thousands of computers and networks worldwide to China’s Ministry of State Security (MSS) “affiliated cyber operators.”
US intelligence agencies determined with “high confidence” that the Microsoft hack was carried out by individuals affiliated with the MSS, a senior administration official told reporters on a conference call.
The US specifically said hackers who have a record of working with the MSS “have engaged in ransomware attacks, cyber enabled extortion, crypto-jacking, and rank theft from victims around the world, all for financial gain.”
“In some cases, we are aware that PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars,” a White House statement said, referring to the People’s Republic of China.
“The PRC’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts,” it added.
Just as the allegations were made public, the Justice Department announced that four Chinese nationals have been charged with working with the MSS to hack into corporate, university and government computer systems to steal intellectual property and confidential business information.
The indictment alleges that Hainan State Security Department officers Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin are “responsible for coordinating, facilitating and managing computer hackers and linguists at Hainan Xiandun and other MSS front companies to conduct hacking for the benefit of China and its state-owned and sponsored instrumentalities.”
It further alleges that hacker Wu Shurong created malware, hacked into foreign government computer systems and supervised other hackers at Hainan Xiandun Technology Development Co., Ltd.
The indictment was returned in May, but unsealed on Friday.