22 July 2021

Biden Goes After China’s Cyber Attackers

PATRICK TUCKER

U.S. officials announced new measures aimed at exposing and disrupting China’s government-sponsored cyber criminal activities, including enlisting key NATO and other allies to reveal new details about the methods by which some massive cyber attacks have affected thousands of government and private networks in the United States, and how to protect against them.

The officials said the international effort was a direct output of President Joe Biden’s first foreign trip to meet with G7 and NATO leaders, last month. It also may be the first step in a new multilateral coalition of allies that could eventually impose economic penalties on the Chinese government, similar to those that some Western states have placed on Russia. But those penalties aren’t here yet.

A senior administration official told reporters on Sunday that the United States had convinced allies to name China’s Ministry of State Security as a key player in various criminal cyber activities. The official gave no indication that economic penalties would be arriving soon.

Instead, the White House on Monday released a fact sheet co-authored by the National Security Agency, Cybersecurity Infrastructure & Security Agency, and the FBI detailing 50 ways that criminal actors, allegedly sponsored by the Chinese government, attack Western networks, and how to defend against them.

“Chinese state-sponsored cyber actors aggressively target U.S. and allied political, economic, military, educational, and critical infrastructure (CI), personnel and organizations to steal sensitive data, critical and emerging key technologies, intellectual property, and personally identifiable information (PII),” the fact sheet says.

Regarding one of those targets, the senior official said, “The United States government, alongside our allies and partners, will formally attribute the malicious cyber campaign utilizing the zero-day vulnerabilities in the Microsoft Exchange Server disclosed in March,” referring to a massive hack aimed at Microsoft cloud services that likely comprised as many as 30,000 U.S. organizations. Those allies and partners include the European Union, the United Kingdom, Australia, Canada, New Zealand, Japan, and NATO.

“No one action can change China’s behavior in cyberspace and neither can just one country acting on its own. Our allies and partners are a tremendous source of strength and a unique American advantage, and our collective approach to cyber threat information sharing, defense,” said the official. “Hence, these efforts — our cooperation with the EU, NATO, and the Five Eyes countries in this effort — will allow us to enhance and increase information sharing, including cyber-threat intel and network defense information with public and private stakeholders, and expand diplomatic engagement to strengthen our collective cyber resilience and security cooperation.”

The official also said that the United States and key allies were now ready to name China as a supporter of the same sort of cyber criminal sponsorship of which the United States and others have accused Russia. “We sometimes see individuals moonlighting. And we see, you know, some connections between Russian intelligence services and individuals. But this kind of — the [Chinese Ministry of State Security] use of criminal contract hackers to conduct unsanctioned cyber operations globally is distinct,” said the official.

That could lay the groundwork for the United States to press allies such as the European Union to place new sanctions on China for its sponsorship of such activities. Precedent shows that European allies might be willing to extend economic sanctions on China, as the EU did in May. The United States, conversely, has largely relied on the Department of Justice to target Chinese operators individually but has not imposed sanctions on China for cyber activity.

The White House fact sheet set to be released on Monday shows “how the [Ministry of State Security] is using criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit,” said the official, calling it, “very significant.” The announcements will show “the cyber-enabled extortion, crypto-jacking -- again, all for financial gain of PRC-government-affiliated cyber operators,” said the senior official.

Dmitri Alperovitch, head of the Silverado policy think tank, called it an “impressive coalition to denounce China,” but said “the next step has to have penalties.”

No comments: