Chinese intelligence hackers were instrumental in using ransomware to extort U.S. companies, the White House said on Monday.
The announcement was part of a larger effort by the United States and a larger group of allies, including the European Union, NATO, the United Kingdom, Australia and Japan, to condemn the Chinese government for “malicious cyber activity,” a senior White House official told reporters on a call Sunday night. The official asked not to be identified as a condition for participating in the call.
The move marks a significant escalation in a ten-year effort by the United States to combat Chinese government hacking. And it’s an example of how the Biden administration is trying to recruit allies in a bid to change China’s behavior, after four years of Trump administration unilateralism.
“The compromise and operation of the Microsoft Exchange server has compromised the security and integrity of thousands of computers and networks around the world,” the Council of the European Union said in a statement released Monday. “This irresponsible and harmful behavior has resulted in significant security risks and economic losses for our government institutions and private businesses, and has shown significant fallout and systemic effects for our security, economy and society as a whole.”
Much of the joint announcement is about the discovery and exploitation of a flaw in Microsoft’s Exchange software this year, the official said.
Hackers who were quickly identified by the U.S. government and private cybersecurity experts as likely to be affiliated with China’s Ministry of State Security, or MSS, began using the loophole in January to start hacking businesses, apparently as part of China’s conventional espionage operations. Other hackers believed to be linked to the MSS in the United States then launched ransomware attacks using the loophole.
The United States has previously accused some Chinese intelligence hackers of using their skills to moonlight as cybercriminals for extra money. Monday’s announcement marks the first time the United States has accused China of encouraging ransomware attackers.
It is not known how successful the ransomware attacks were or whether hackers working for the MSS directly carried them out or relied on cybercriminal affiliates. But the official said ransom demands had been made.
“In some cases we know where [People’s Republic of China] government-affiliated cyber operators have carried out ransomware operations against private companies that have included ransom demands of millions of dollars,” the official said.
The Biden administration is under pressure to curb ransomware attacks, a criminal hacking tactic that locks down a victim’s computer, demanding money in exchange for a promise to fix it and withhold sensitive files.
Most of the more prolific ransomware operators are believed to be operating in and around Russia, which led President Joe Biden to say that the United States would take direct action against hackers if Russian President Vladimir Putin did not intervene. While some ransomware groups have disappeared, it is not clear whether any of the White House’s actions had any effect.
The Microsoft Exchange hack led to a high-profile spy campaign that quickly turned into several ransomware attacks. The hackers who started exploiting the vulnerability appeared to act like most government hackers, spying on conventional government and corporate targets.
But something curious then happened: State-sponsored hacker groups usually keep the discovery of key software vulnerabilities to themselves, but other hacker groups, including criminal groups, soon began to exploit the flaw, which led to speculation about who made it public. It was used to deploy ransomware attacks soon after.
It is not known how many organizations were targeted or if any of the attacks were successful. But there have been multiple attacks, the official said, including at least one against a US target.
“It surprised us, and in fact, one of the reasons we’ve put so much work into this award is that it really gave us new insight into the work of MSS and the kind of aggressive behavior we’re seeing coming out from China,” the official said.
“I can’t give more details on the ransomware attack, but that was literally what we think of with the ransomware: a ransom demand – a big ransom note – made to an American company,” said the official.
Ken Dilanian contributed.