In response to alleged Chinese ransomware attacks and intellectual property theft, the Biden administration is reportedly tightening its cybersecurity policy.
“Today the United States and our allies and partners reveal further details of the PRC’s [People’s Republic of China] patterns of malicious cyber activity and take further action to counter it, as it poses a major threat to the economic and national security of the US and its allies,” the White House stated in a press release on Monday. Allies include the European Union, the United Kingdom, NATO, Australia, Canada, New Zealand and Japan.
Why is that important? For the first time, such a powerful coalition of countries has accused China of malicious cyber activities and called on the Chinese authorities to look into the situation. The EU said that these cyber activities were affecting its “economy, security, democracy and society as a whole”, while the US called China’s behavior “contrary to its stated goal of being seen as a responsible leader in the world,” the UK said the Chinese state was responsible for “the widespread hacking pattern”, and NATO reaffirmed its “willingness to have a constructive dialogue with China on this issue”.
“I understand that the Chinese government, like the Russian government, does not do this itself, but protects those who do it. And maybe even accommodating that they are able to.” - US President Joe Biden, according to Reuters
“The US has repeatedly made baseless attacks and malicious slander against China in relation to cybersecurity. This is just another old trick that has nothing new,” said a Chinese government spokesman, according to the Wall Street Journal.
Allegations against China
Employment of criminal contract hackers: The US has accused China of promoting an intelligence company that includes “contract hackers who also carry out unauthorized cyber operations around the world, also for their own personal gain.” The press release points to documents unsealed in October 2018 and July and September 2020 showing that hackers who have worked for the Chinese Ministry of State Security (MSS) in the past carried out “ransomware attacks, cyber-enabled extortion, cryptojacking, and file theft from victims around the world, all for financial reasons.”
Ransomware attacks against private companies: The US also said China’s government-affiliated cyber operators carried out ransomware operations against private companies demanding millions in ransom.
Targeting government institutions and political organizations in the EU: The EU said in its press release that China-based hacking groups known as Advanced Persistent Threat 40 and Advanced Persistent Threat 31 have targeted government institutions and political organizations in the EU and member states “for the purpose of intellectual property theft and espionage”. The UK has now accused the same groups of hackers of targeting maritime industries and naval defense companies in the US and Europe, as well as the Finnish Parliament in 2020.
Role in the Microsoft Exchange hack: At the beginning of March this year, Microsoft announced that Chinese hackers were trying to exploit vulnerabilities in its Exchange Server, a mail and calendar service used by companies and organizations. The hack is said to have targeted 30,000 organizations in the United States alone and many more worldwide. The US has now stated that it attributes with “high levels of confidence” the attack to malicious cyber actors associated with the Chinese government. “The compromise and exploitation of the Microsoft Exchange server has undermined the security and integrity of thousands of computers and networks worldwide, including in the Member States and EU institutions,” the EU said in its press release. “It is the most significant and widespread cyber-attack against the UK and its allies that has been exposed,” said its press release.
Theft of Critical Health Information: The US also accused China of stealing Ebola vaccine research, as well as other intellectual property, trade secrets and confidential business information related to critical public health information.
How did the US react?
“We do not allow economic circumstances or considerations to prevent us from taking action when it is justified. We also reserve the right to take additional measures if necessary. This is not the result of our efforts in relation to cyber activities with China or Russia.” - Jen Psaki, White House Press Secretary, in a press briefing
Criminal charges against Chinese hackers: No sanctions were imposed on China, as in the case of Russia, but the US Department of Justice announced criminal charges against four MSS hackers “involved in activities related to a multi-year campaign targeting foreign governments and institutions in key sectors including shipping, aviation, defense, education and health care in at least a dozen countries,” the announcement said.
US Government Response to the Microsoft Exchange Incident (according to the press release):
- Carried out cyber operations and proactive network defense actions to prevent compromised systems from being used for ransomware attacks or other malicious purposes.
- Introducing a new model for responding to cyber incidents involving private companies in the Cyber Unified Coordination Group.
- The National Security Agency, Cybersecurity and Infrastructure Agency, and the Federal Bureau of Investigation have issued a cybersecurity advisory that provides additional details on cyber techniques used by China to target the US and its allies.
Steps to modernize the federal networks and improve the country’s cybersecurity:
- Executive order to revise cybersecurity: In May of this year, the government announced a revision of its cybersecurity policy, which will focus on improving the exchange of threat information between the government and the private sector, upgrading, improving the security of the software supply chain, establishing a cybersecurity safety review board, standardizing the response to cybersecurity incidents, improving cybersecurity incident detection on government networks, and improving investigative and remedial skills.
- Financing of modernization efforts: As part of the cybersecurity overhaul, the U.S. government is funding five efforts to modernize cybersecurity across the federal government. These efforts include implementing endpoint security, improving logging practices, moving to a secure cloud environment, improving security operations centers, and deploying multi-factor authentication, the publication said.
Close cooperation with the private sector: The US government is working closely with the private sector to address cybersecurity vulnerabilities in critical infrastructure. The Industrial Control Systems Cybersecurity Initiative and the Electricity Subsector Action Plan are initiatives on this front, the press release said.
Guideline for critical pipeline owners and operators to comply with cybersecurity standards: The Transportation Security Administration (TSA) has issued a policy requiring owners and operators of critical pipelines to report confirmed and potential cybersecurity incidents to the government and to appoint a cybersecurity coordinator who is available 24 hours a day, seven days a week. The directive also requires pipeline operators to review their current practices and report the results to the government within 30 days, the press release said. The TSA will soon issue another policy to further assist the pipeline industry in improving their cybersecurity, the press release said.