CHINA today sharply denied United States allegations it carried out a massive Microsoft hack, countering that Washington was the “world champion” of cyber-attacks while raging at American allies for signing up to a rare joint statement of condemnation.

The US yesterday accused Beijing of carrying out the cyber-attack on Microsoft and charged four Chinese nationals over the “malicious” hack in March.

US Secretary of State Antony Blinken said the attack on Microsoft Exchange, a top email server for corporations around the world, was part of a “pattern of irresponsible, disruptive and destabilising behaviour in cyberspace, which poses a major threat to our economic and national security.”

China’s Ministry of State Security, or MSS, “has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain,” Blinken said in a statement.

In a simultaneous announcement, the US Department of Justice said four Chinese nationals had been charged with hacking the computers of dozens of companies, universities and government bodies in the US and abroad between 2011 and 2018.

Pointing to the indictment, Blinken said the US “will impose consequences on (Chinese) malicious cyber actors for their irresponsible behavior in cyberspace.”

President Joe Biden told reporters the US was still completing an investigation before taking any countermeasures and drew parallels with the murky but prolific cybercrime attributed by Western officials to Russia.

“The Chinese government, not unlike the Russian government, is not doing this themselves, but are protecting those who are doing it, and maybe even accommodating them being able to do it,” Biden told reporters.

In a step the Biden administration hailed as unprecedented, the US coordinated its statement yesterday with allies – the European Union, Britain, Australia, Canada, New Zealand, Japan and NATO.

The Chinese embassy in New Zealand issued a swift rebuttal of the “totally groundless and irresponsible” allegations.

It was backed up by the embassy in Australia, as China took a coordinated stance of its own, accusing Canberra of “parroting the rhetoric of the US.”

“It is well known that the US has engaged in unscrupulous, massive and indiscriminate eavesdropping on many countries including its allies,” the embassy said in a statement.

“It is the world champion of malicious cyber-attacks.”

NATO solidarity

Biden, like his predecessor Donald Trump, has ramped up pressure on China, seeing the rising Asian power’s increasingly assertive moves at home and abroad as the main long-term threat to the US.

Allies backed up the castigation of China with British Foreign Secretary Dominic Raab describing the cyberattack as “reckless.”

NATO offered “solidarity” over the Microsoft hacking without directly assigning blame, while noting that allies US, Britain and Canada found China to be responsible.

Billions seen lost

Frank Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, praised the “breadth and depth of international cooperation” in clearly attributing responsibility to China.

“In addition to the indictments, we need to follow through to ensure there are consequences to induce changes in the Chinese government’s behaviour and hopefully move toward levelling the cyber playing field,” he said.

The Microsoft hack, which exploited flaws in the Microsoft Exchange service, affected at least 30,000 US organisations including local governments as well as organizations worldwide.

“Responsible states do not indiscriminately compromise global network security nor knowingly harbor cyber criminals – let alone sponsor or collaborate with them,” Blinken said in his statement.

“These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS had them on its payroll.” – AFP, July 20, 2021.