BEIJING (BLOOMBERG) - China rejected accusations by the US, UK and their allies that actors linked to the Asian nation’s government were behind the Microsoft Exchange hack and other “malicious cyber activities.”
“The US ganged up with its allies and launched an unwarranted accusation against China on cybersecurity,” Chinese Foreign Ministry spokesman Zhao Lijian said Tuesday (July 20) at a regular press briefing in Beijing.
“It is purely a smear and suppression out of political motives. China will never accept this.”
Mr Zhao added that the details released by the US “do not constitute a complete chain of evidence.
In fact, the US is the largest source of cyber attacks in the world.” The group of nations said the Chinese government has been the mastermind behind a series of malicious ransomware, data theft and cyber-espionage attacks against public and private entities, including the sprawling Microsoft Exchange hack earlier this year.
The accusations added to tensions between China and the US over issues ranging from policies in the western region of Xinjiang and Hong Kong to the origins of the coronavirus.
The Biden administration warned investors last week about the risks of doing business in the Asian financial hub, issuing an advisory saying China’s push to exert more control over the city threatens the rule of law and endangers employees and data.
“The Chinese Government must end this systematic cyber sabotage and can expect to be held account if it does not,” UK Foreign Secretary Dominic Raab said in a statement.
President Joe Biden told reporters at the White House on Monday that the investigation isn’t finished but that the Chinese government bears responsibility. His administration said that it was joining with European nations to expose the scale of China’s activity and will take steps to counter it.
The group of nations attributing the attack to China includes Australia, Canada, New Zealand, Japan and Nato, marking the first condemnation by the North American-European alliance on China’s cyber activities, according to a senior Biden administration official.
“Under US encouragement, Nato has made cyberspace a new battlefield,” Mr Zhao said at the briefing in Beijing.
“The introduction of the military alliance into cyberspace, not only does little to achieve one’s own security, but may instead provoke a cyber arms race and enhance the risk of friction and disputes in cyberspace, and may undermine international peace and security.”
As part of the announcement, the National Security Agency, the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation detailed more than 50 tactics Chinese state-sponsored cyber hackers used when targeting US and allied networks, including spearphishing emails with malicious attachments, exploitation of public-facing applications and drive-by compromise.
Microsoft Corp welcomed the global effort to attribute the attacks and called for future accountability.
The company has previously attributed the hack to Chinese actors the software giant called Hafnium. The US’s assessment appears to support Microsoft’s conclusions, attributing the hack to MSS-affiliated actors with “a high degree of confidence,” according to the fact sheet.
The attack against Microsoft’s Exchange email servers exploded over two weeks between late February and early March. Microsoft first released software patches on March 2 to fix the critical vulnerabilities exploited in the hack.
The attack exposed tens of thousands of victim email systems, including those of health-care facilities, manufacturers, energy companies, and state and local governments.