What is the new cybersecurity alliance?
On Monday, July 19, the U.S. and a group of global allies publicly and officially cast blame on China for the recent, far-reaching hack of Microsoft Exchange as well as a myriad of other international cyberattacks. The cybersecurity alliance comprises the U.S., NATO member states, the European Union, the U.K., Japan, Australia and New Zealand.
The hack of Microsoft Exchange, first reported by Microsoft on March 2 of this year, exposed the data and sensitive information of tens of thousands of public and private entities all over the world. Those affected included schools, pharmacies, hospitals, and government networks.
The attack was carried out by a mysterious hacking group referred to as “Hafnium.” While the hack created disturbances and disruptions across all sectors from retail to education, speculation at the time lead experts to believe that the intended victims were defense contractors or other entities that could potentially provide government and military intelligence information.
Unlike many other hacks in recent history, the attack on Microsoft’s product was an indiscriminate, blunt force effort that resulted in a tremendous amount of collateral damage affecting those with little or nothing to do with the criminals’ goals.
Why is this new alliance a big deal?
Hafnium has been widely assumed to be associated with the Chinese state.
Official government agencies, however, have been reluctant to publicly declare that Hafnium’s hack of Microsoft Exchange was carried out at the behest of and on the payroll of Beijing until today.
According to reports, the delay in the accusation was the result of prudence in the face of an ongoing investigation.
This new alliance marks the first time that the U.S. government and its allies have officially pointed the finger at the Chinese government for its involvement in assisting bad actors in cyberattacks against other nations.
It is also the first time that NATO, a military alliance, has formally accused China of orchestrating malicious cyber attacks. The organization has explicitly called on Beijing to “act responsibly in the international system, including in cyberspace.”
A senior White House official told reporters in a briefing that “ MSS — Ministry of State Security — uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit. Their operations include criminal activities, such as cyber-enabled extortion, crypto-jacking and theft from victims around the world for financial gain.”
“On the Russian side, we sometimes see individuals moonlighting,” the official continued.
“And we see some connections between Russian intelligence services and individuals. But the MSS use of criminal contract hackers to conduct unsanctioned cyber operations globally is distinct.”
Hafnium, according to the official, was hired by the Chinese state to hack Microsoft Exchange.
What will the alliance do?
The alliance has been created to facilitate the sharing of intelligence regarding cyberthreats. The countries involved will collaborate on network defenses and cybersecurity in order to create a unified front against attack.
The alliance further intensifies and underscores the Biden administration’s efforts to identify, mitigate and address the many concerns related to cybersecurity. The U.S. has sustained a tremendous uptick in hacks and ransomware attacks since the onset of the COVID-19 pandemic.
Today’s development also moves the world towards President Biden’s goal of rallying other countries to embrace a harder, more confident stance against the Chinese government’s meddling.
The Biden administration has not ruled out taking further action against China. While today’s announcement was an assertive condemnation of the country’s actions, no sanctions have been publicly mentioned. Reportedly, the “public shaming” is said to be an important first step in holding China accountable for its actions.
In addition to international pressure, the administration plans to continue to prosecute and bring to justice malicious hackers who cause damage and disruption to the country.
What has China said?
China has not made any official statement related to today’s assertions at the time of this writing.
However, when previously asked about the Microsoft Exchange attack, a spokesperson for the Chinese Foreign Ministry said that the country “firmly opposes and combats cyberattacks and cyber theft in all forms.”
- U.S. and global allies blame China for widespread cybercrime, including massive Microsoft Exchange hack by Nancy Cordes, Kristin Brown and Nicole Sganga, CBS News, 19 July 2021
- US and allies accuse Chinese government of masterminding Microsoft Exchange cyberattack by James Vincent, The Verge, 19 July 2021
- US, NATO and EU to blame China for cyberattack on Microsoft Exchange servers by Christina Wilkie, CNBC, 19 July 2021
- Microsoft Exchange hack, explained by Jordan Novet, CNBC, 9 March 2021
- China Was Responsible for Microsoft Exchange Server Hack, Says US by Shannon Vavra, The Daily Beast, 19 July 2021
Microsoft Exchange email hack was caused by China, US says by Eric Tucker, Los Angeles Times, 19 July 2021