WASHINGTON – A new alliance of NATO member states, the EU, Australia, New Zealand and Japan come together to confront the global threat of Chinese state-sponsored cyber attacks.
In its first joint action on Monday, the alliance will publicly accuse China’s State Security Ministry of a massive cyber attack on Microsoft Exchange email servers earlier this year.
The attack was carried out by criminals with criminal contracts working for MSS, who also engage in cyber-enabled extortion, cryptojacking and ransomware, the official said.
The group will share intelligence on cyber threats and cooperation on network defense and security, said a senior official from the Biden administration, who requested anonymity to discuss a national security effort.
Also on Monday, the FBI, National Security Agency and Cybersecurity and Infrastructure Security Agency released a new advisory list of 50 tactics, techniques and procedures used by Chinese state-sponsored hackers.
The cheeky Microsoft Exchange server attack went public in March and is believed to have affected at least 30,000 US organizations and hundreds of thousands more worldwide.
Microsoft quickly identified the group behind the hack as a relatively unknown Chinese espionage network called Hafnium.
Until now, the United States has stopped short of publicly blaming Beijing for the attack.
The delay in naming China was partly to give investigators time to gather the evidence to prove that the Hafnium hackers were on the Chinese state’s payroll, the official said.
It was also important for the United States to act with its allies when making the public attribution, the official said.
At a time when cyberwarfare is becoming the front line in a global power struggle between democracies and autocratic states, the new cyber security alliance could become a model for future efforts to confront transnational threats.
The joint announcements on Monday build on President Joe Biden’s efforts earlier this summer to rally support among NATO and EU allies for a more confrontational approach to China.
They also come amid a growing number of economic and diplomatic sanctions imposed by the Biden administration on Beijing this year in response to alleged human rights violations in Hong Kong and in Xinjiang province.
On Friday, the United States sanctioned seven Chinese officials in response to Beijing’s breakdown of Hong Kong’s democratic institutions.
The United States also issued a business advisory warning U.S. companies of potential data and privacy breaches by the Chinese government if they continue to do business in Hong Kong.
In response, a Chinese Foreign Ministry spokesman accused the United States of “interfering” in its internal affairs.
For now, the newly launched cyber security alliance is focused on cooperating security and threat alerts and not on retaliation.
The White House has raised the Microsoft attacks with senior members of the Chinese government, “making it clear that [People’s Republic of China] actions threaten the security, trust and stability of cyberspace, “said the senior official.
But Beijing’s economic strength around the world makes it extremely difficult for any group of countries to agree on concrete actions against China.
“We do not rule out further actions [China] responsible, “said the senior official,” but we are also aware that no action can change China’s behavior, nor can a country act alone. So we really initially focused on bringing other countries with us. “