In a coordinated announcement, the U.S. and its foreign allies accused China's Ministry of State Security of using "criminal contract hackers" to carry out malicious cyber activities with the intent of making a profit. The U.S. said China’s MSS used these contract hackers "to conduct unsanctioned cyber operations globally, including for their own personal profit."
"The United States has long been concerned about the People's Republic of China's irresponsible and destabilizing behavior in cyberspace," a senior U.S. administration official said. "Their operations include criminal activities, such as cyber-enabled extortion, crypto-jacking, and theft from victims around the world for financial gain.”
Large ransom requests
Specifically, the governments blamed China for the hack of Microsoft’s Exchange email server software, which compromised tens of thousands of computers across the globe and gave hackers access to large amounts of sensitive data.
E.U. policy chief Josep Borrell said in a statement that the hacking was "conducted from the territory of China for the purpose of intellectual property theft and espionage." U.K. Foreign Secretary Dominic Raab said China's actions represent "a reckless but familiar pattern of behavior” and that the Chinese government “must end this systematic cyber sabotage and can expect to be held account if it does not.”
The U.S. official said China was also behind a ransomware attack against a U.S. target that involved a "large ransom request.” Ransom demands from China have been in the “millions of dollars,” the official added.
No sanctions announced
No punishments against China have been announced, but the U.S. said it has “raised its concerns” with Beijing.
"The first important piece is the publicly calling out the pattern of irresponsible malicious cyber activity, and doing it with allies and partners,” the official said, adding that the U.S. is "not ruling out further actions to hold (China) accountable."
Separately, four Chinese nationals and residents of China were indicted Monday over "a campaign to hack into the computer systems of dozens of victim companies, universities and government entities in the United States and abroad between 2011 and 2018."