US authorities suspect China of involvement in cyberattack on 60 thousand American organizations

The White House believes that cybercriminals associated with the Ministry of State Security of the People’s Republic of China are behind the March cyberattack through a vulnerability in Microsoft’s Exchange Server software. At least 60,000 American organizations were affected by the cyberattack. With accusations against Beijing spoke at a briefing Sunday evening, a senior Washington administration official.

According to her, the US authorities, together with allies and partners “with a high degree of confidence” in their conclusions are ready to officially attribute “malicious cyber campaign using zero-day vulnerabilities (vulnerabilities that have not yet been fixed) in Microsoft Exchange Server <... > cybercriminals associated with the Ministry of State Security of the People’s Republic of China ”.

According to the American official, the Chinese Ministry of State Security “deliberately uses contract cybercriminals to conduct unauthorized cyber operations around the world.” She added that this tactic “surprised” the American side.

“We have expressed our concern to high-ranking officials of the PRC government as to the incident with [ПО] Microsoft and the relatively wider [спектра] malicious activities of the PRC in cyberspace, making it clear that the PRC’s actions threaten the security, confidence and stability in cyberspace. The United States, our allies and partners do not rule out further actions to bring China to justice, ”she said.

In early March, at least 60 thousand organizations and companies in the United States were hacked due to vulnerabilities in Microsoft Exchange Server. The attack resulted in the spread of a ransomware virus. The American administration was unable to immediately name those who, it believes, are responsible for the cyberattack. Since then, Microsoft has become one of the main recipients of US government assistance to improve the security of computer networks in the country.

According to a spokeswoman for the US leadership, the PRC Department of State Security is using contract cybercriminals to conduct unauthorized cyber operations around the world, among other things, for personal gain. “All for the financial benefit of cyber operators associated with the PRC government <...>,” she added.

On Monday, the US authorities released new data on the cyberattack and announced their response. In particular, the US Department of Justice opened a criminal case against four hackers from the PRC Ministry of State Security. For many years they have organized cyberattacks against organizations in a dozen countries around the world. Such important areas as health care, defense, education, and air transportation were under threat. These same hackers tried, in particular, to steal information about the development of a vaccine against the Ebola virus.

“The United States has long been concerned about China’s irresponsible and destabilizing behavior in cyberspace,” she said at the briefing. According to her, this policy of Beijing “poses a huge threat to the American economy and national security.”

A White House spokeswoman clarified that the United States is acting in cooperation with Australia, Britain, Canada, New Zealand, Japan, partners in the EU and NATO. China’s malicious and aggressive activities include ransomware, theft of funds using cryptocurrency, and fraud, she said.

The presenter of the briefing also said that the US National Security Agency, the Federal Bureau of Investigation and the Infrastructure and Cyber ​​Security Agency (CISA) will introduce the public to “more than 50 tactics, techniques and techniques of cyber players associated with the Chinese government.” She explained that the relevant theses of the administration will be reflected in a press release on Monday, while similar statements are expected from the EU and NATO.

“This is the first time NATO has publicly linked such malicious cyberspace activity to China,” said a US administration official. – We are at the first important stage of drawing attention to <...> communication [Китая] with these actions and cohesion of our collective efforts in the field of security, ensuring the protection of networks and other actions necessary to suppress these threats. “

The presenter of the briefing also dwelled on the problem of combating hackers operating from Russia. In particular, we managed to disable the sites of the hacker group Revil. “We see, I think, like many of you, <...> based on information from open sources, that the account of a REvil representative may be blocked in Russian hacker channels. We see that the REvil infrastructure [по-прежнему] does not work. We believe this is a very positive development. This group has caused tremendous damage to victims around the world, ”she said.

The American authorities “will continue to declare to the Russian government that they believe Russia is responsible for the actions of criminals operating from the Russian Federation.” “We will continue to strive for further progress, not only in blocking infrastructure, but also in terms of bringing criminals to justice,” the presenter of the briefing emphasized.

According to her, the US strategy to counter ransomware viruses consists of four parts: improving security systems, tracking cryptocurrency transactions, working with other states to create a coalition “to bring Russia and other countries to justice”, shutting down the infrastructure and payment system of hackers …

Bloomberg previously reported that sites allegedly belonging to hackers from the REvil group have been disabled. As noted by security analysts interviewed by the agency, when you try to visit a site where members of the group usually post their statements, you receive a notification that this page was not found. Bloomberg emphasizes that the situation is similar with other resources related to hackers from REvil, who are allegedly behind the cyberattacks on the American division of the Brazilian meat processing company JBS and the software company Kaseya.

As the press secretary of the Russian president Dmitry Peskov said on Thursday, the Kremlin still does not have information about whether the disappearance of the REvil group sites is connected with contacts between Russia and the United States in the field of cybersecurity. transfers TASS.