The United States, along with its allies, including NATO and the European Union, on Monday issued a strong condemnation of China's alleged broad array of malicious cyber activities. The Joe Biden administration blamed Beijing's Ministry of State Security and affiliated criminals for a sophisticated attack on software developer Microsoft’s widely used email server software earlier this year.
In comments that are likely to further damage the already strained US-China relations, a senior US official said that China's "irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world."
Here is all that we know so far about the alleged cyberattack by China.
What are the allegations?
According to the statement released by a senior US administration official, the FBI and NSA are highly confident that hackers backed by China's Ministry of State Security conducted a cyberattack on the world's largest software developer, Microsoft.
The allegation is that China carried out a cyberattack on the Microsoft Exchange email server this year. The breach exposed the data of tens of thousands of private and public U.S. entities. The victims include several US-based schools, hospitals, cities, and pharmacies.
"China's mal-operations include criminal activities such as cyber-enabled extortion, crypto-jacking, and theft from victims around the world for financial gain."
How did China carry out the cyber attack?
The Biden administration found in its report that China hired contract hackers to carry out unsanctioned cyber operations globally, including for their own personal profit.
Who were its targets?
The joint advisory revealed that these cyber actors targeted sectors that include managed service providers, semiconductor companies, the Defense Industrial Base (DIB), universities, and medical institutions. These cyber operations support China’s long-term economic and military development objectives, the advisory said.
How did that work?
"These scans can be automated, through Python® scripts, to locate certain files, paths, or vulnerabilities. The cyber actors can gain valuable information on the victim network, such as the allocated resources, an organization’s fully qualified domain name, IP address space, and open ports to target or exploit," said the report.
In a blog post released in March, Microsoft clearly blamed a China-backed cyber actor for intruding into its system.
"We are sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium. Hafnium operates from China, and this is the first time we’re discussing its activity. It is a highly skilled and sophisticated actor," said Microsoft at the time.
Takeaways from the report
1. The advisory, titled "Chinese State-Sponsored Cyber Operations," provided information on nearly 50 tactics, techniques, and procedures (TTPs) used by Chinese state-sponsored cyber actors when targeting US and allied networks.
2. This is the first time NATO has condemned a malicious cyber action by China against any country.