The EU, the U.K., and NATO on Monday joined the US in condemning cyberattacks on Microsoft Exchange servers which affected at least 30,000 organizations globally by hackers based in China, though the EU stopped short of blaming the Chinese government. Australia, Japan, New Zealand, and Canada also joined the coalition, as U.S. President Joe Biden’s administration opened a new front against China by mustering a wider network of like-minded partners.
“The EU and its Member States strongly denounce these malicious cyber activities, which are undertaken in contradiction with the norms of responsible state behaviour as endorsed by all UN Member States,” the EU said in a statement.
The attack was carried out by criminal contract hackers working for the MSS who also engage in cyber-enabled extortion, cryptojacking, and ransomware, the official said. The group will share intelligence on cyber threats and collaborate on network defenses and security said a senior Biden administration official who requested anonymity to discuss a national security effort.
Also Monday, the FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency released a new advisory listing 50 tactics, techniques, and procedures that Chinese state-sponsored hackers employ. The brazen Microsoft Exchange server attack became public in March and is believed to have hit at least 30,000 American organizations and hundreds of thousands more worldwide.
Microsoft quickly identified the group behind the hack as a relatively unknown Chinese espionage network dubbed Hafnium. Until now, the United States has stopped short of publicly blaming Beijing for the attack. The delay in naming China was partly to give investigators time to assemble the evidence to prove that the Hafnium hackers were on the Chinese state payroll, the official said.
It was also important for the United States to act in concert with its allies when it made the public attribution, said the official. At a time when cyber warfare is becoming the front line in a global power struggle between democracies and autocratic states, the new cybersecurity alliance could become a model for future efforts to confront transnational threats. The joint announcements Monday build on President Joe Biden’s effort earlier this summer to rally support among NATO and EU allies for a more confrontational approach to China.
They also come amid a rising number of economic and diplomatic sanctions the Biden administration has imposed on Beijing this year, in response to alleged human rights abuses in Hong Kong and in Xinjiang province. On Friday, the United States sanctioned seven Chinese officials in response to the Beijng’s crackdown on Hong Kong’s democratic institutions. The U.S. also issued a business advisory, warning U.S. firms of potential data and privacy breaches by the Chinese government if they continue to do business in Hong Kong.
In response, a Chinese foreign ministry spokesperson accused the United States of “meddling” in its internal affairs. For now, the multinational cybersecurity effort is focused on cooperative security and threat alerts, and not on retaliation. The White House has raised the Microsoft attacks with senior members of the Chinese government, “making clear that the [People’s Republic of China] actions threaten security, confidence, and stability in cyberspace,” said the senior official.
But Beijing’s economic might around the world makes it exceedingly difficult for any group of countries to agree on concrete actions against toward China. “We’re not ruling out further actions to hold [China] accountable,” said the senior official, “but we’re also aware that no one action can change the PRC’s behavior, and neither can one country acting on its own. So we really focused initially in bringing other countries along with us.”
