On Monday, the US and its allies accused China of a global cyberespionage campaign, rallying an unusually broad coalition of nations to openly condemn Beijing’s hacking.
NATO, the European Union, Australia, the United Kingdom, Canada, Japan, and New Zealand joined the United States in criticising the snooping, which US Secretary of State Antony Blinken called “a grave threat to our economic and national security.”
Simultaneously, the U.S. Department of Justice charged four Chinese nationals – three security officials and one contract hacker – with targeting dozens of companies, universities and government agencies in the United States and abroad.
A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, called the accusations against China “irresponsible.”
“The Chinese government and relevant personnel never engage in cyber attacks or cyber theft,” Liu said in a statement.
At an event about the administration’s infrastructure plan, U.S. President Joe Biden told reporters: “My understanding is that the Chinese government, not unlike the Russian government, is not doing this themselves, but are protecting those who are doing it. And maybe even accommodating them being able to do it.”
White House spokeswoman Jen Psaki was later asked at her daily briefing why Biden did not directly blame the Chinese government in his response to a reporter’s question.
“That was not the intention he was trying to project. He takes malicious cyber activity incredibly seriously,” Psaki said.
Psaki also said the White House does not differentiate between Russia and China when it comes to cyber attacks.
“We are not holding back, we are not allowing any economic circumstance or consideration to prevent us from taking actions … also we reserve the option to take additional action,” she said.
While a flurry of statements from Western powers represents a broad alliance, cyber experts said the lack of consequences for China beyond the U.S. indictment was conspicuous. Just a month ago, summit statements by G7 and NATO warned China and said it posed threats to the international order.
Adam Segal, a cybersecurity expert at the Council on Foreign Relations in New York, called Monday’s announcement a “successful effort to get friends and allies to attribute the action to Beijing, but not very useful without any concrete follow-up.”
SOME CIRCUMSPECT STATEMENTS
Some of Monday’s remarks appeared to be pulling punches. While the United States and its close allies, such as the United Kingdom and Canada, blamed the Chinese government directly for the hacking, others were more cautious.
NATO just stated that its members “acknowledge” the United States, Canada, and the United Kingdom’s charges against Beijing. The European Union urged Chinese officials to stop “malicious cyber actions carried out from its territory,” a statement that left open the possibility that the Chinese government was not responsible for the espionage.
The United States was much more specific, formally attributing intrusions such as the one that affected servers running Microsoft Exchange earlier this year to hackers affiliated with China’s Ministry of State Security. Microsoft (MSFT.O) had already blamed China.
The magnitude and intensity of hacking linked to China astounded US officials, as did China’s employment of “criminal contract hackers,” according to Blinken, who carry out both state-sponsored activities and cybercrime for personal gain.
According to a senior administration official, the US security and intelligence services have identified more than 50 techniques and procedures that “China state-sponsored actors” utilise against US networks.
In recent months, Washington has accused Russian hackers of a series of ransomware assaults in the US.
The senior administration official said U.S. concerns about Chinese cyber activities have been raised with senior Chinese officials, and further action to hold China accountable was not being ruled out.
The United States and China have already been at loggerheads over trade, China’s military buildup, disputes about the South China Sea, a crackdown on democracy activists in Hong Kong and treatment of the Uyghurs in the Xinjiang region.
Blinken cited the Justice Department indictments as an example of how the United States will impose consequences.
According to the indictment, the defendants and officials from the Hainan State Security Department, a regional state security office, attempted to conceal the Chinese government’s role in the data theft by utilising a front firm.
According to the Justice Department, the effort targeted trade secrets in the aviation, defence, education, government, healthcare, biopharmaceutical, and maritime industries.
Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland, the United Kingdom, and the United States were among the countries where victims were found.
“These criminal charges once again highlight that China continues to use cyber-enabled attacks to steal what other countries make, in flagrant disregard of its bilateral and multilateral commitments,” Deputy U.S. Attorney General Lisa Monaco said in the statement.