The US government officially attributes the cyber attack, in which so-called zero-day vulnerabilities in Microsoft Exchange servers were exploited, to hackers who are contractually linked to the Ministry of State Security in Beijing. There is a “high security” for this assessment, said high-ranking US government officials on Monday night. The US State Department said the Department of State Security maintained an “ecosystem of criminal contract hackers” who both worked on behalf of the state and engaged in criminal activities for their own financial interests.
The allegations are tough: The People’s Republic is said to have tried to steal information and technology from the USA on a large scale. The attacks were exposed in March. The attackers targeted hundreds of thousands of servers belonging to companies, government agencies and other institutions, through which they handle their e-mail traffic. Even then, Microsoft suspected a state hacker group from China called Hafnium behind the incidents.
The gaps had been used in a targeted manner months earlier. Shortly before an update by Microsoft, the hackers then started firing the attacks automatically. They were able to penetrate hundreds of thousands of computer systems around the world and install digital back doors that allow them access.
According to the Federal Office for Information Security, thousands of companies in Germany have been victims of infiltration, as have several federal authorities. At that time, the BSI declared the highest warning level red. The targets of the attack in the USA included arms companies, research institutions working on the corona pandemic, authorities and companies.
An unprecedented alliance in its breadth
Now the USA, the EU, NATO, Australia and New Zealand as members of the Five Eyes secret service alliance and Japan have joined forces and called on China to stop such cyberattacks from within the country. At the G-7 summit in Great Britain and at the NATO summit in Brussels, US President Biden had asked the allies for support for a more decisive approach. It is an alliance that is unprecedented in its breadth – but goes differently in directly accusing government agencies in Beijing of the attacks.
In a Declaration by the EU Foreign Representative Josep Borrell said the EU and its member states assumed that the hacking attacks came from two groups “operating from the territory of China”. Their aim was espionage and the theft of intellectual property. The Chinese government is called on to stop such attacks. However, the EU does not hold the Ministry of State Security or other government institutions specifically responsible for the attacks.
On the other hand said British Foreign Secretary Dominic Raabthat the attack was carried out by “state-sponsored Chinese groups”. The Ministry of State Security is behind the activities of the groups APT40 and APT31, which are also mentioned by the EU. In the It was called NATO, one recognizes corresponding declarations from member states such as Great Britain, Canada or the USA. Otherwise the declaration is more general and calls on “all states, including China, to comply with their international obligations”.
Deterrence is the goal
The public attribution of cyber attacks is intended to deter the perpetrators from further attacks. The so-called “naming and shaming”, according to the calculation, drives up the political price for espionage and criminal activities. US government officials stressed that China’s behavior was in contradiction to “the declared goal of being seen as a responsible leadership power”. The attribution also signals that the USA and other states have developed forensic techniques with which they can reliably identify the perpetrators of attacks.
The US also accuses China of hackers under contract with the Ministry of State Security attacking US companies and companies in other countries in order to gain wealth. This is done with the knowledge of Chinese government agencies, it said. In at least one case, a US company was the target of a ransomware attack in which the hackers demanded a ransom in the millions.
In such attacks, attackers encrypt data on a system, making it unusable for the rightful owner. You will then ask for a payment to make the data accessible again. The latest headlines were an attack on the US company Colonial Pipeline, which is attributed to cybercriminals in Russia. The company had to shut down its entire pipeline network, which led to bottlenecks in the supply of gasoline and diesel on the east coast of the USA and exposed the vulnerability of vital infrastructures.
Biden continues to aggressively deal with cyberattacks with the allegations against China. The US had already publicly blamed Russia for another attack using Solar Winds software. As a result, the US imposed financial sanctions on Russia. The Kremlin has rejected any involvement in the attacks.
Biden had also raised the issue at his summit meeting with Russian President Vladimir Putin in Geneva and warned him of the consequences should Russia carry out further attacks or allow cybercriminals to attack targets in the US from its territory. Senior US government officials left it open whether sanctions should now also be imposed on China. They reserve the right to take further action to hold China accountable, it said.
According to its own statements, the USA has confronted high representatives of the Chinese government with the allegations. There was initially no official reaction from Beijing. The government had previously stated that China was itself a victim of hacker attacks and condemned all forms of cybercrime.