U.S. President Joe Biden said he is to receive a detailed report Tuesday about the role China’s civilian intelligence agency played in using ransomware to extort American businesses.
“They're still determining exactly what happened. The investigation is not finished,” the president said on Monday in response to a reporter’s question about why no sanctions against Beijing immediately followed his government’s public accusation that China’s Ministry of State Security used criminal contract hackers to conduct unsanctioned cyber operations globally, from which the hackers personally profited.
The United States, along with NATO, the European Union, the United Kingdom, Japan, Canada, Australia and New Zealand on Monday specifically blamed China for a cyberattack in March that affected tens of thousands of organizations via Microsoft Exchange servers.
This was a type of zero-day hack where a vulnerability is known to software vendors, but they do not yet have a patch in place to fix the flaw.
Asked by reporters why the U.S. hasn’t punished Beijing for the cyberattack, White House press secretary Jen Psaki replied that “we are not allowing any economic circumstance or consideration to prevent us from taking actions where warranted, and also, we reserve the option to take additional actions where warranted, as well.”
“This is not the conclusion of our efforts” concerning cyberattacks linked to China or Russia, Psaki added.
“This a big deal,” said Chris Painter, president of the Global Forum on Cyber Expertise Foundation Board, who was the State Department’s first cyber diplomat, explaining on Twitter that “the coalition of countries condemning China’s actions is unprecedented,” especially the inclusion of NATO.
“The next step needs to include imposition of sanctions” said Dmitri Alperovitch, a co-founder and former chief technology officer of CrowdStrike, an American cybersecurity technology company. “Given that sanctions have already been used against virtually every other rogue cyber nation-state, not using them against China is a glaring oversight.”
Biden’s administration has been vocal about a series of ransomware and other attacks blamed on groups operating in Russia, but it has not directly linked those activities to the Russian government.
In a face-to-face meeting with Russian President Vladimir Putin in Geneva last month, Biden threatened to take action against Moscow if cybercriminals continued to operate inside Russia unhindered.
China has consistently denied being involved in such activities.
The National Security Agency, the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation, in a joint advisory issued Monday, said they “have observed increasingly sophisticated Chinese state-sponsored cyber activity targeting U.S. political, economic, military, educational, and CI (critical infrastructure) personnel and organizations.”
“This is really an unprecedented group of allies and partners holding China accountable,” a senior U.S. official said in a call with reporters prior to the public announcement.
The U.S. agencies, in their public statement, said, “Chinese state-sponsored cyber actors consistently scan target networks for critical and high vulnerabilities within days of the vulnerability’s public disclosure” and use “a full array of tactics and techniques to exploit computer networks of interest worldwide and to acquire sensitive intellectual property, economic, political and military information.”
The links between China’s Ministry of State Security and a hacking group operating out of Hainan island are “also consistent with technical evidence that Mandiant has previously identified showing that operators were likely located there,” Ben Read, director of analysis at Mandiant Threat Intelligence, told VOA.
Representative Jim Langevin, who chairs a House subcommittee on cyber issues, said he had hoped attributing the attack to China “could have come sooner than three months since the Microsoft Exchange Server hacking campaign was first disclosed.”
In a statement, the Rhode Island Democrat predicted similar expansive cyber campaigns from the Chinese Communist Party, and “when the time comes, we must be prepared to once again marshal the international community against China’s destabilizing operations and work towards building a safe cyberspace for all.”
Jeff Seldin contributed to this report.