• Beijing rejects claim that it employs ‘criminal contract hackers’
• NATO, EU and Britain back US after Microsoft exchange attack
China on Tuesday angrily rejected allegations by the United States and an unusually broad coalition of countries that it carried out cyberattacks against them.
The US on Monday blamed China’s Ministry of State Security of a global cyber hacking campaign and said it was likely behind a massive hack on Microsoft’s email server earlier this year.
But China’s embassies shot back on Tuesday, saying that Washington was the “world champion” of cyber attacks and criticised other nations for signing up to a joint statement of condemnation.
The Foreign Ministry in Beijing said the accusation by the United States and its allies was unwarranted.
Foreign ministry spokesman Zhao Lijian said the claim was “fabricated out of thin air” for political goals.
“China will absolutely not accept this,” he told a regular news conference in Beijing. China does not engage in cyberattacks, and the technical details Washington has provided “do not constitute a complete chain of evidence”, he said.
Chinese embassies or missions in at least five countries – Norway, Canada, Britain, New Zealand and the United States – denounced the allegations, according to the South China Morning Post.
“The Chinese diplomatic mission in Brussels said China was itself a major victim of cyberattacks, citing an official 2020 report which said about 5.31 million hosts on the Chinese mainland were controlled by about 52,000 overseas servers, severely harming China’s national security, economic and social development, as well as people’s lives,” the Hong Kong news outlet said.
Secretary of State Antony Blinken said the attack on Microsoft Exchange, a top email server for corporations around the world, was part of a “pattern of irresponsible, disruptive and destabilising behaviour in cyberspace, which poses a major threat to our economic and national security.”
China’s Ministry of State Security, or MSS, “has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain,” Blinken said in a statement.
The US Department of Justice said four Chinese nationals had been charged with hacking the computers of dozens of companies, universities and government bodies in the United States and abroad between 2011 and 2018.
President Joe Biden said the US was still completing an investigation before taking any counter-measures and drew parallels with the murky but prolific cybercrime attributed by Western officials to Russia.
States may be helping hackers: Biden
“The Chinese government, not unlike the Russian government, is not doing this themselves, but are protecting those who are doing it, and maybe even accommodating them being able to do it,” Biden told reporters.
In a step hailed as unprecedented, the United States coordinated its statement with allies – the European Union, Britain, Australia, Canada, New Zealand, Japan and NATO.
The announcement, opens a new area of tension with China, came a month after G7 and NATO leaders agreed with President Joe Biden at summits in England and Brussels in accusing China of posing systemic challenges to the world order.
The Chinese embassy in New Zealand issued a swift rebuttal, saying the allegations were “totally groundless and irresponsible”.
It was backed by the embassy in Australia, as China took a coordinated stance of its own, accusing Canberra of “parroting the rhetoric of the US.”
“It is well known that the US has engaged in unscrupulous, massive and indiscriminate eavesdropping on many countries including its allies,” the embassy said in a statement.
“It is the world champion of malicious cyber attacks.”
Billions in costs
The Microsoft hack, which exploited flaws in the Microsoft Exchange service, affected at least 30,000 US organisations including local governments as well as organisations worldwide.
“Responsible states do not indiscriminately compromise global network security nor knowingly harbour cyber criminals — let alone sponsor or collaborate with them,” Blinken said in his statement.
“These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS had them on its payroll.”
Accusations of cyberattacks against the United States have recently focused on Russia, rather than China. US officials say that many of the attacks originate in Russia, although they have debated to what extent there is state involvement. Russia denies responsibility.
This year has seen a slew of prominent ransomware strikes that have disrupted a major US pipeline, a meat processor and the software firm Kaseya, which affected 1,500 businesses.
Last week, Washington offered $10 million for information about foreign online extortionists.
- With reporting by Reuters and AFP. This report was updated with further details on July 20.