The Chinese government has been accused of “systematic cyber sabotage” in statements by the UK and allies, including the US and Canada.
The allies are announcing that they believe Chinese state-sponsored hackers were responsible for an attack earlier this year which “indiscriminately” compromised an estimated 400,000 servers worldwide, leaving them exposed to criminals.
More than 70 organisations in the UK were compromised by the hack, perpetrated by a group associated with Beijing according to the National Cyber Security Centre. This attribution has been supported by allies.
Foreign Secretary Dominic Raab described the hacking campaign – which is believed to have compromised the on-premise email servers indiscriminately with an intention to subsequently target specific victims – as “a reckless but familiar pattern of behaviour” from the Chinese government.
The hack of Microsoft Exchange servers earlier this year caused significant concern as the state-sponsored hackers left the victim networks open to additional attacks from criminals.
At the time the UK’s National Cyber Security Centre, a part of GCHQ, warned businesses to urgently update their email servers to ensure that criminals did not exploit them.
In his statement attributing the campaign to China, Mr Raab said that Beijing “must end this systematic cyber sabotage and can expect to be held [to] account if it does not”.
The compromise of Microsoft Exchange servers “undermined the security and integrity of thousands of computers and networks worldwide,” including in the EU, the bloc said in its statement, allowing “access to a significant number of hackers that have continued to exploit the compromise to date”.
The European Union said the activities “have been conducted from the territory of China” and urged Chinese authorities to “not allow its territory to be used for malicious cyber activities”.
“This irresponsible and harmful behaviour resulted in security risks and significant economic loss for our government institutions and private companies, and has shown significant spill-over and systemic effects for our security, economy and society at large,” the EU added.
The joint attribution comes as the US unsealed charges against four named Chinese nationals alleged to be working with the Ministry of State Security, the Chinese Communist Party’s principal intelligence organisation.
These individuals are accused of hacking into “dozens of victim companies, universities and government entities… between 2011 and 2018,” with victims in the US as well as “Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and the United Kingdom”.
It is the second time that the UK and allies have officially accused the Chinese government of hacking, with the previous condemnation coming in 2018 regarding thefts of trade secrets.
At that time the US Department of Justice also charged two identified Chinese nationals who again worked as contractors for the state’s intelligence apparatus.
In a statement from the White House, the US said that the Chinese government’s “pattern of irresponsible behaviour in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world”.
The contractors used by Beijing’s intelligence apparatus for espionage are described as also conducting “unsanctioned cyber operations worldwide… for their own personal profit” including ransomware attacks and theft of cryptocurrencies.
Beijing’s “unwillingness to address criminal activity by contract hackers” in has led to the loss of billions of dollars “in lost intellectual property, proprietary information, ransom payments, and mitigation efforts”, the White House added, calling for China to address the issue.
The US also celebrated its allies and partners as “a tremendous source of strength and a unique American advantage,” adding: “Our collective approach to cyber threat information sharing, defence, and mitigation helps hold countries like China to account.”
A spokesperson from the Chinese embassy in London did not immediately offer a statement in response.
Analysis: Calling out China is a mark of alarm
By Deborah Haynes, foreign affairs editor
The decision by the UK and its allies to call out China over what they describe as “systemic cyber sabotage” is a mark of alarm at an escalating pattern of hostile attacks.
It is also a sign that attempts by British and other foreign officials to raise concerns privately with the Chinese government about bad behaviour in cyberspace have failed to fix the problem.
Naming and shaming a country is the next step up a ladder of responses that the UK, the US and other like-minded allies use to counter attacks launched by hostile states online.
A next step up would be sanctions, though that has not happened yet.
Calling out China is not a move taken lightly as Beijing will be sure to respond angrily and to deny the allegations.
It is perhaps telling, then, that the UK and the United States directly accused Beijing over the Microsoft Exchange hack and other hostile activities.
By contrast the European Union – perhaps wanting to limit any relationship damage – pulled its punches, simply saying the hacking “was conducted from the territory of China” rather than directly blaming the state.