In a direct swipe at Beijing’s ruling government, the Biden administration accused China on Monday of being behind a series of cyberattacks on US companies while the Department of Justice revealed criminal charges against four specific Chinese nationals for attacking businesses and networks in the maritime, aviation, defense, education, and healthcare industries. The administration also specifically said that Chinese actors were behind the large-scale hack of Microsoft Exchange that began in January 2021, as well as other ransomware attacks. According to the White House statement, Chinese hackers appeared to have high-level approval for the “malicious cyber activity” and “irresponsible state behavior.”
“The PRC’s pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world,” the White House statement reads. “Today, countries around the world are making it clear that concerns regarding the PRC’s malicious cyber activities is bringing them together to call out those activities, promote network defense and cybersecurity, and act to disrupt threats to our economies and national security.”
Beyond being a direct accusation, the statement escalates the kind of digital crimes the US is accusing China of. China’s military has had dedicated cyber and digital forces for decades, such as PLA Unit 61398. The White House’s announcement, however, accused Beijing of engaging in contract work with criminal enterprises outside the Chinese government.
“The United States is deeply concerned that the PRC has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit,” the statement reads.
In the release, the Biden administration said that the Chinese Ministry of State Security has used “criminal contract hackers” for a wide range of for-profit hacking activities worldwide, including the hack of Microsoft. An administration official told CNN that Chinese ransom demands could be in the “millions of dollars.”
“What we found really surprising and new here was the use of criminal contract hackers to conduct this unsanctioned cyber operation and really the criminal activity for financial gain,” a senior administration official told CNN. “That was really eye-opening and surprising for us.”
Biden administration officials and the Department of Justice also announced charges Monday against four Chinese nationals accused of hacking US institutions on behalf of China’s MSS. The charges include running a multiyear hacking campaign targeting foreign governments and maritime, aviation, defense, education, and healthcare entities in at least a dozen countries.
In charges delivered by a federal grand jury in May and revealed Monday, four Chinese citizens were charged with stealing “technologies used for submersibles and autonomous vehicles, specialty chemical formulas, commercial aircraft servicing, proprietary genetic-sequencing technology and data, and foreign information to support China’s efforts to secure contracts for state-owned enterprises within the targeted country,” according to a US Department of Justice release. The hackers also allegedly targeted research institutes and universities, including their infectious-disease research related to Ebola, MERS, HIV/AIDS, Marburg, and tularemia.
“These criminal charges once again highlight that China continues to use cyber-enabled attacks to steal what other countries make, in flagrant disregard of its bilateral and multilateral commitments,” Deputy Attorney General Lisa Monaco said in the DOJ statement. “The breadth and duration of China’s hacking campaigns, including these efforts targeting a dozen countries across sectors ranging from healthcare and biomedical research to aviation and defense, remind us that no country or industry is safe.”
In an admission which may surprise many, officials from the Biden administration told CNN that Chinese hackers, like the ones charged on Monday, have closer ties to the Chinese government than Russian hackers generally do to the Kremlin.
The Biden administration said that at least one American company had been previously targeted in a ransomware attack purportedly carried out by agents working in association with Chinese intelligence, during which these agents demanded millions of dollars.
“The PRC’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts,” the statement from the White House reads.