Australia, along with the United States and other allies, condemned China’s “malicious cyber activities” and directly blamed it on the large-scale hacking of Microsoft Exchange software earlier this year.
In a joint statement on Monday night, Foreign Minister Mary Spean, Interior Secretary Karen Andrews, and Defense Secretary Peter Dutton stated that China’s actions in cyberspace “undermine international stability and security”.
They said that the Australian government is “seriously concerned” about reports by allies that China’s Ministry of National Security (MSS) “hired contract hackers” to steal intellectual property rights from other countries.
“Australia calls on all countries, including China, to act responsibly in cyberspace,” said Ms. Payne, Ms. Andrews and Mr. Dutton.
“China must abide by its G20 and bilateral commitments to avoid stealing intellectual property, trade secrets and confidential business information through the Internet in order to gain a competitive advantage.”
They stated that Australia’s cybersecurity posture is “very strong”, but “there is no room for complacency” and the government will continue to work with international partners to strengthen security.
The Microsoft Exchange hacker attack was first discovered in January and tens of thousands of computers worldwide were compromised. Private sector groups quickly pointed their finger at China, although it has not been publicly criticized by the government until now.
The Australian Minister’s Joint Statement was issued in coordination with the United States, the United Kingdom, the European Union, NATO, Canada, Japan and New Zealand.
US Secretary of State Anthony Brinken stated that China is responsible for “irresponsible, destructive and destabilizing behavior patterns in cyberspace.”
“The Ministry of National Security of China has cultivated an ecosystem of criminal contract hackers who carry out state-sponsored activities and cybercrimes for their own economic interests,” said Mr. Brinken.
“In addition, the U.S. government and our allies and partners have officially confirmed that network participants affiliated with MSS have used vulnerabilities in Microsoft Exchange Server in large-scale cyber espionage activities, indiscriminately destroying thousands of computers Network, most of which belong to the victims of the private sector.
“As proved The Justice Department today publicly prosecuted three MSS officials and one of their contract hackers, The United States will impose consequences on the irresponsible behavior of Chinese malicious cyber actors in cyberspace. “
Mr. Brinken said that the international community has set clear expectations and guidelines on what constitutes “responsible behavior” in cyberspace.
“Responsible countries will not indiscriminately endanger global cybersecurity, nor will they deliberately harbor cybercriminals, let alone sponsor and cooperate with them,” he said.
“These contract hackers cost governments and companies billions of dollars in stolen intellectual property rights, payment of ransoms, and cybersecurity mitigation work, but MSS put them on the payroll.”
He added that the United States and its allies will jointly oppose “digital authoritarianism” in cyberspace and “strengthen global security and stability.”
The indictment mentioned by Mr. Brinken Four Chinese citizens working in MSS are involved. A grand jury in San Diego charged each of them with conspiracy to commit computer fraud and conspiracy to conduct economic espionage, punishable by up to 20 years in prison.
They are alleged to be part of a “global hacker and economic espionage campaign” designed to invade the computer systems of dozens of companies, universities, and government entities in the United States and elsewhere between 2011 and 2018.
The focus of cyber attacks is to steal information that “has significant economic interest to Chinese companies and commercial sectors,” including information that enables them to bypass “resource-intensive R&D processes.”
“These allegations once again highlight China’s continued use of cyber attacks to steal products from other countries and flagrant disregard of its bilateral and multilateral commitments,” said Deputy Attorney General Lisa Monaco.
“The breadth and duration of China’s hacking activities, including hacking activities in more than a dozen countries, including healthcare, biomedical research, aviation, and defense, reminds us that no country or industry is safe.”
Paul Abate, deputy director of the FBI, stated that the United States will not allow the Chinese government to “obtain unfair economic advantages” through “criminal invasion and theft.”
British Foreign Secretary Dominic Raab described the “common hacking pattern” from China, calling the Microsoft Exchange cyber attack “reckless” but “familiar.”
“The Chinese government must end this systematic cyber damage, and if it fails to do so, it may be held accountable,” Mr. Raab said.
Last month, US President Joe Biden and Russian President Vladimir Putin held a summit. Biden warned Putin that if Russia continues to launch cyber attacks, he will face “consequences.”
Russia has been blamed for a series of ransomware attacks in which criminals stole company data and then demanded the payment to be returned.
The United States imposed sanctions on Russia in response to the hacker attack in April. It has not announced any sanctions against China.
Mr. Biden told reporters at the White House today that this is because the investigation into the Microsoft Exchange hacking incident is still ongoing.