Australia, New Zealand, and Allies Say China Behind Malicious Cyber Activity
Australia and New Zealand (NZ) have joined the United States in attributing malicious cyber activity to China’s Ministry of State Security and said they are deeply disturbed by Beijing using criminal contract hackers to back its state-run cyberattacks against targets worldwide.
In media releases issued late Monday night, both the Australian and New Zealand governments called out the Chinese regime for its exploitation of vulnerabilities in the Microsoft Exchange software, which affected thousands of computers and networks worldwide, including in Australia and New Zealand.
“These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain,” Australian Foreign Minister Marise Payne, Home Affairs Minister Karen Andrews, and Defence Minister Peter Dutton said in a joint statement.
Australia also called on China to adhere to the commitments it made in the G20, and bilaterally “refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining competitive advantage.”
The sentiments were echoed by Andrew Little, the NZ Minister responsible for the Government Communications Security Bureau (GCSB), who said: “We call for an end to this type of malicious activity, which undermines global stability and security, and we urge China to take appropriate action in relation to such activity emanating from its territory.”
Little noted that the GCSB had worked through a robust technical attribution process concerning this issue and that it had confirmed, independently, that Chinese state-sponsored actors were responsible for the exploitation of Microsoft Exchange vulnerabilities in New Zealand in early 2021.
Both countries also condemned the Chinese Communist Party’s (CCP) Ministry of State Security (MSS) for engaging in malicious cyber activity and hiring contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and commercial advantage the Chinese regime.
The United Kingdom, Canada, Japan, the European Union, and NATO joined the United States, Australia and New Zealand in expressing their concerns.
The comments by the two governments come after the Biden Administration called out Beijing over its state-sponsored malicious cyber campaign that has seen hackers working for the MSS engaged in ransomware attacks, cyber-enabled extortion, crypto-jacking, and rank theft from victims around the world, all for financial gain.
In a media release on July 19, The White House said the United States had long been concerned about Beijing’s irresponsible and destabilizing behaviour in cyberspace.
“Today, the United States and our allies and partners are exposing further details of the PRC’s pattern of malicious cyber activity and taking further action to counter it, as it poses a major threat to U.S. and allies’ economic and national security,” the statement said, using the acronym for the country’s official name, the People’s Republic of China.
“Countries around the world are making it clear that concerns regarding the PRC’s malicious cyber activities are bringing them together to call out those activities, promote network defence and cybersecurity, and act to disrupt threats to our economies and national security.”
Meanwhile, the United States has charged four Chinese nationals who were working with China’s top intelligence agency in a global hacking campaign that targeted foreign governments and entities in key sectors, including maritime, aviation, defence, education, and healthcare.
They also worked towards the theft of research on the Ebola virus vaccine, trade secrets, and confidential business information on critical public health information, the Biden administration said.
CCP mouthpiece The Global Times has responded to the accusations, stating that it is a huge lie, and accused the Biden administration and their allies of trying to frame China, News.com.au reported.
“The U.S. cannot exploit these smears to substantively attack China. If the US takes aggressive measures, carries out national-level cyber attacks on China, or imposes so-called sanctions on China, we will retaliate,” the Global Times editorial reads.