WASHINGTON/TOKYO -- The U.S., Europe, Japan and others on Monday accused China of a "pattern of malicious cyber activity," linking Beijing to an attack on Microsoft Exchange email servers discovered in March.
Concerns about this behavior are bringing countries together to "call out those activities, promote network defense and cybersecurity, and act to disrupt threats to our economies and national security," a White House statement said. The group includes the U.S., Japan, Australia, New Zealand, the European Union and NATO.
The coordinated response marks a new phase in U.S.-China tensions, with Washington widening its efforts to isolate Beijing over alleged bad behavior. It also reveals the sense of alarm in the U.S. as China narrows the gap in technology needed to project power through the internet.
A key question is whether coordinated sanctions will follow as they did in when U.S. allies condemned China over alleged abuses of Uyghur Muslims. Japan was notably absent from that coordinated action, with some fearing economic repercussions from taking a tough stance toward Beijing.
"The U.S. and our allies and partners are not ruling out further actions to hold [China] accountable," a senior American official told reporters Sunday, suggesting that sanctions could be on the table. Washington has conveyed its concerns to top Chinese officials, the official said.
On the Microsoft attack, the statement alleged that "cyber operators" affiliated with China's Ministry of State Security exploited vulnerabilities in the software to "compromise tens of thousands of computers and networks worldwide." The White House also said hackers linked to the Chinese government have engaged in ransomware attacks.
The Japanese government, which suspects the People's Liberation Army of involvement in a cyberattack against space agency JAXA, said that "malicious cyber activities that could potentially undermine the foundation of democracy embodied by free, fair and secure cyberspace cannot be condoned."
The Biden administration's message was echoed in Europe.
"The Chinese government must end this systematic cyber sabotage and can expect to be held [to] account if it does not," U.K. Foreign Minister Dominic Raab said. The EU, while not accusing Beijing of direct involvement in cyberattacks, urged China to adhere to norms of "responsible state behavior" and "not allow its territory to be used for malicious cyber activities."
Separately, the U.S. Justice Department announced charges against four hackers under China's Ministry of State Security in connection with assaults against government, corporate and other targets in numerous countries over several years.
Beyond the Microsoft incident, the Australian government announced in June of last year that the country had been hit by a wave of cyberattacks from a "state-based" actor, generally believed to be China. Blackouts in the Indian commercial hub of Mumbai the following October have also been attributed to a Chinese virus.
Cyberattacks conducted by groups with support from states such as China, Russia and North Korea are not uncommon, but openly attributing them to a specific country as the U.S. and its partners did Monday is highly unusual.
U.S. President Joe Biden paved the way for this effort at the Group of Seven summit in June, calling on other leaders to come together to confront Chinese-backed cyberattacks.
Washington hopes the next step for the partnership will be concrete action, similar to the sanctions imposed against Chinese officials after the U.S., the U.K., the EU and Canada in March condemned alleged human rights abuses against China's Uyghur Muslim minority in Xinjiang.
Also on Monday, the FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency issued an advisory describing around 50 tactics and methods used by Chinese hackers against targets around the world including government agencies, universities and medical institutions, to promote stronger cyber defenses.
Attacks often target vulnerabilities in business software, as well as cloud services that have come into broader use as more people work from home amid the coronavirus pandemic. Phishing emails that lead users to download malicious files are another common tactic.
The advisory urged closer monitoring of systems for unauthorized access, minimizing data shared with third parties and training users to avoid suspicious emails. It also recommended disabling macros in Microsoft Office files and using multi-factor authentication.
"China has made cyberattacks part of its national strategy," said Hiroki Iwai, head of Tokyo-based cybersecurity consultancy Sighnt. China conducts attacks to steal technology positioned as key to its economic policy, Iwai said.
