US President Joe Biden said he will receive a detailed report Tuesday on the role China’s civilian intelligence agency played in using ransomware to extort money from American companies. “They are still determining exactly what happened. The investigation is not over,” the president said in response to a journalist’s question about why sanctions were not imposed against Beijing immediately after his government’s public accusation that the Chinese Ministry of State Security used criminal hackers. to conduct unauthorized cyber operations globally, from which hackers personally profited. The United States, along with NATO, the European Union, the United Kingdom, Japan, Canada, Australia and New Zealand specifically blamed China for a cyberattack in March 2021 that affected tens of thousands of organizations via Microsoft Exchange servers. . This was a type of zero-day hack in which software vendors know of a vulnerability, but do not yet have a patch to correct the flaw.
When asked by reporters why the United States has not punished Beijing for the cyberattack, White House press secretary Jen Psaki responded that “we do not allow any circumstance or financial consideration to prevent us from taking action when warranted, and Also, we reserve the option to take additional action when warranted, too. ” “This is not the conclusion of our efforts” regarding cyberattacks linked to China or Russia, Psaki added. “This is a big problem,” said Chris Painter, chairman of the Global Forum Foundation Board on Cyber Experience, who was the State Department’s first cyber diplomat, explaining on Twitter that “the coalition of countries condemning the China’s actions are unprecedented,” especially the inclusion of NATO. “The next step should include the imposition of sanctions,” said Dmitri Alperovitch, co-founder of CrowdStrike, an American cybersecurity technology company. “Since sanctions have already been used against virtually every other rogue cyber nation-state, not using them against China is a blatant oversight.” The Biden administration has voiced its opinion on a number of ransomware and other attacks attributed to groups operating in Russia, but has not directly linked those activities to the Russian government. In a face-to-face meeting with Russian President Vladimir Putin in Geneva last month, Biden threatened to take action against Moscow if cybercriminals continued to operate inside Russia unhindered.
China has consistently denied involvement in such activities.
The National Security Agency, the Infrastructure Security and Cybersecurity Agency and the Federal Bureau of Investigation, in a joint advisory issued this July 2021, said they have “observed increasingly sophisticated cyber activity sponsored by the Chinese state. Targeted at the United States political, economic, military, educational, and CI (critical infrastructure) personnel and organizations. ” “This is truly an unprecedented group of allies and partners holding China accountable,” a senior US official said in a call with reporters ahead of the public announcement. US agencies, in their public statement, said: “Chinese state-sponsored cyber actors constantly scan target networks for critical and high vulnerabilities within days of public disclosure of the vulnerability” and use “a full range of tactics and techniques to exploit interest networks around the world and acquire confidential information on intellectual, economic, political and military property “. The links between China’s Ministry of State Security and a hacking group operating from Hainan Island “are also consistent with the technical evidence that Mandiant has previously identified showing that the operators were likely located there,” said Ben Read. , Director of Analysis for Mandiant Threat Intelligence.
