WASHINGTON – The Biden administration on Monday is expected to formally accuse the Chinese government of breaching Microsoft’s email system used by many of the world’s largest companies, governments and military contractors, according to a report. senior government officials. The United States is also set to organize a broad group of allies, including all NATO members, to condemn Beijing for cyberattacks around the world.
The unnamed official added that the United States is expected to accuse China for the first time of paying criminal groups to carry out large-scale hacks, including ransomware attacks to extort money from hackers. million dollar company. Microsoft has singled out hackers linked to China’s Ministry of State Security for exploiting vulnerabilities in the company’s email system in March; The US announcement will provide details on the methods used, and it is the first hint that the Chinese government hires criminal groups to work on their behalf.
Condemnation from NATO and the European Union is unusual, because most of their member states have been very reluctant to publicly criticize China, a major trading partner. But even Germany, whose companies were hit hard by the Microsoft Exchange hack – email systems that companies maintain themselves instead of putting them in the cloud – cites the Chinese government for its employment. surname.
Overall, though, the announcement will lack specific punitive steps against the Chinese government, such as sanctions similar to those the White House imposed on Russia in April, when it levied blames the country for the widespread SolarWinds attack that affected US government agencies and more than 100 companies.
By imposing sanctions on Russia and organizing allies to condemn China, the Biden administration has delved deeper into the digital Cold War with its two main geopolitical rivals than at any time. in modern history.
While there is nothing new about digital espionage from Russia and China – and Washington’s efforts to stop it – the Biden administration has been very active in calling both countries and organizing a response. combination.
But so far, it has not found the right combination of defensive and offensive actions to create an effective deterrent, most outside experts say. And the Russians and the Chinese have become bolder. The SolarWinds attack, one of the most sophisticated attacks ever discovered in the United States, was an attempt by Russia’s top intelligence agency to change code in widely used network management software to has access to more than 18,000 businesses, federal agencies, and consulting organizations.
China’s effort is not overly complicated, but it takes advantage of a vulnerability that Microsoft has not discovered and uses it to conduct espionage and reduce confidence in the security of systems that are not discovered by Microsoft. companies use for their primary communication. The Biden administration took months to develop what officials say is “highly confident” that the hacking of Microsoft’s email system was carried out at the behest of the Department of State Security, the senior administration official said. known to, and abetted by, private organizations who were employed by Chinese intelligence.
The attack affected tens of thousands of systems, including military contractors.
The last time China was caught in such large-scale surveillance was in 2014, when the country stole more than 22 million security verification records from the Office of Personnel Management, allowing insights into the life of the Chinese government. The lives of Americans were liberated to keep the country. secrets.
President Biden has promised to strengthen the government, making cybersecurity a focus during his summit in Geneva with Russian President Vladimir V. Putin last month. But his administration has faced questions about how it will also address the growing threat from China, especially after going public with the Microsoft hack.
Speaking to reporters on Sunday, the senior administration official acknowledged that public condemnation of China would only do so to prevent future attacks.
“No action can change China’s behavior in cyberspace,” the official said. “And it can’t be just one country acting on its own.”
But the decision not to impose sanctions on China also speaks volumes: It’s a step many allies won’t agree to take.
Instead, the Biden administration responded by engaging enough allies to openly denounce China to maximize pressure on Beijing to limit cyberattacks, the official said.
The joint statement criticizing China, issued by the United States, Australia, the United Kingdom, Canada, the European Union, Japan and New Zealand, is unusual in size. It is also the first NATO statement to publicly target Beijing for cybercrime.
The National Security Agency and the FBI are expected to reveal more details on Monday about China’s “tacticals, techniques, and procedures” in cyberspace, such as how Beijing contracts with foreign agents. criminal groups to carry out attacks for the financial gain of the government.
The FBI took an unusual step in the Microsoft hack: In addition to investigating the attacks, the agency received a court order allowing access to unpatched corporate systems and deleting elements. code left by Chinese hackers could allow further attacks. This is the first time the FBI has acted to fix an attack and investigate its perpetrators.