After confronting Russian President Vladimir Putin on cybersecurity at their summit last month, U.S. President Joe Biden is rallying allies to accuse China of sponsoring cybercriminal activity across the globe.
A senior Biden administration official outlined the campaign in press call with reporters late Sunday, saying that “the United States has long been concerned about the People’s Republic of China’s irresponsible and destabilizing behavior in cyberspace.”
“The PRC’s pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world,” the official said.
The official highlighted three points for the action plan to be unveiled Monday.
First, it would include “an unprecedented group of allies and partners—including the European Union, the United Kingdom, Australia, Canada, New Zealand, Japan, and NATO,” all alleging that China’s Ministry of State Security “uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit.”
“Their operations include criminal activities, such as cyber-enabled extortion, crypto-jacking, and theft from victims around the world for financial gain,” the official said. “In some cases, we’re aware of reports that PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars.”
Secondly, the National Security Agency, Cybersecurity and Infrastructure Security Agency, and Federal Bureau of Investigation (FBI) would issue a joint advisory that “will expose over 50 tactics, techniques, and procedures Chinese state-sponsored cyber actors used when targeting U.S. and allied networks, along with advice for technical mitigations to confront this threat,” the official said.
The 31-page advisory, obtained by Newsweek, goes into detail about observed activity attributed to China and the hackers its been accused of hiring, arguing that “Chinese state-sponsored cyber actors aggressively target U.S. and allied political, economic, military, educational, and critical infrastructure (CI) personnel and organizations to steal sensitive data, critical and emerging key technologies, intellectual property, and personally identifiable information (PII).”
The third point mentioned by the senior administration on Sunday’s call marked the most direct step yet.
“The United States government, alongside our allies and partners, will formally attribute the malicious cyber campaign utilizing the zero-day vulnerabilities in the Microsoft Exchange Server disclosed in March—a number of months ago—to malicious cyber actors affiliated with the MSS with high confidence,” according to the official.
The attack reportedly affected up to 30,000 servers in the U.S. alone, with thousands more victims abroad.
The U.S. has previously accused Russia of both conducting state-backed cyberattacks and tolerating criminal cyber collectives within its territory. In March, Biden slapped a new round of sanctions on Moscow in response to last year’s massive SolarWinds hack and has called on Putin to take action against Russian hackers.
The Kremlin has repeatedly rejected any notions of collusion with cyber collectives and has signaled a willingness to crack down on such behavior in the interest of bilateral cooperation on cyber issues.
The senior administration official on Sunday contrasted the behavior U.S. officials have observed coming from Russia and China.
“On the Russian side,” the official said, “we sometimes see individuals moonlighting. And we see, you know, some connections between Russian intelligence services and individuals, but this kind of—the MSS use of criminal contract hackers to conduct unsanctioned cyber operations globally is distinct.”
The official called the alleged Chinese government tactics “really eye-opening and surprising for us.”
Washington views both Beijing and Moscow as two of its top global competitors, but the latter has increasingly become the focus of U.S. foreign policy efforts to maintain dominance in various fields, including cyber.
Chinese officials have routinely denied any wrongdoing in the cyber realm and have instead accused the U.S. of engaging in global espionage campaigns.
Late last month, Chinese permanent representative to the United Nations Zhang Jun called for international unity in approaching cybersecurity during a U.N. General Assembly debate.
“In cyberspace, countries not only enjoy shared opportunities and common interests, but also face common challenges and assume shared responsibilities,” Zhang was cited as saying at the time by the Chinese Foreign Ministry. “They are increasingly becoming a community with a shared future through weal and woe. The international community should work together in a joint effort to protect cyber security and maintain international peace.”
He said world powers “should promote security through the maintenance of peace and prevent cyberspace from becoming a new battlefield.”