Chinese officials have previously said China is also a victim of hacking and opposes all forms of cyberattacks
The US and its allies accused China on Monday of a global cyberespionage campaign, mustering an unusually broad coalition of countries to publicly call out Beijing for hacking.
The US was joined by NATO, the European Union, Britain, Australia, Japan, New Zealand, and Canada in condemning the spying, which US Secretary of State Antony Blinken said posed "a major threat to our economic and national security."
Simultaneously, the US Department of Justice charged four Chinese nationals - three security officials and one contract hacker - with targeting dozens of companies, universities and government agencies in the US and abroad.
The Chinese Embassy in Washington did not immediately respond to a request for comment. Chinese officials have previously said China is also a victim of hacking and opposes all forms of cyberattacks.
While a flurry of statements from Western powers represent a broad alliance, cyber experts said the lack of consequences for China beyond the US indictment was conspicuous. Just a month ago, summit statements by G7 and NATO warned China and said it posed threats to the international order.
Adam Segal, a cybersecurity expert at the Council on Foreign Relations in New York, called Monday's announcement a "successful effort to get friends and allies to attribute the action to Beijing, but not very useful without any concrete follow-up."
Also Read - Reports: Israeli firm's spyware used to target journalists' cell phones
Some of Monday's statements even seemed to pull their punches. While Washington and its close allies such as the United Kingdom and Canada held the Chinese state directly responsible for the hacking, others were more circumspect.
NATO merely said that its members "acknowledge" the allegations being levelled against Beijing by the US, Canada, and the UK. The European Union said it was urging Chinese officials to rein in "malicious cyber activities undertaken from its territory" - a statement that left open the possibility that the Chinese government was itself innocent of directing the espionage.
The US was much more specific, formally attributing intrusions such as the one that affected servers running Microsoft Exchange earlier this year to hackers affiliated with China's Ministry of State Security. Microsoft had already blamed China.
US officials said the scope and scale of hacking attributed to China has surprised them, along with China's use of "criminal contract hackers."
"The PRC’s Ministry of State Security (MSS) has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain," Blinken said.
US security and intelligence agencies outlined more than 50 techniques and procedures that "China state-sponsored actors" use against US networks, a senior administration official said.
Also Read - Cyber attacks hit over 200 organizations including Bangladesh Bank, BTRC
Washington in recent months has focused heavy attention on Russia in accusing Russian hackers of a string of ransomware attacks in the US.
The senior administration official said US concerns about Chinese cyber activities have been raised with senior Chinese officials. "We're not ruling out further action to hold the PRC accountable," the official said.
The US and China have already been at loggerheads over trade, China's military buildup, disputes about the South China Sea, a crackdown on democracy activists in Hong Kong and treatment of the Uyghurs in the Xinjiang region.
Blinken cited the Justice Department indictments as an example of how the US will impose consequences.
The defendants and officials in the Hainan State Security Department, a regional state security office, tried to hide the Chinese government's role in the information theft by using a front company, according to the indictment.
The campaign targeted trade secrets in industries including aviation, defense, education, government, health care, biopharmaceutical and maritime industries, the Justice Department said.
Victims were in Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland, the United Kingdom and the United States.
"These criminal charges once again highlight that China continues to use cyber-enabled attacks to steal what other countries make, in flagrant disregard of its bilateral and multilateral commitments," Deputy US Attorney General Lisa Monaco said in the statement.
Leave a Comment