The Microsoft Exchange hack, which was identified in January, affected over a quarter of a million servers worldwide. The Biden administration said it had a “high degree of confidence” that the attack was carried out by “malicious cyber actors” affiliated with the Chinese Ministry of State Security (MSS). Beijing has previously denied responsibility for the breach. The White House also accused the MSS of using criminal contract hackers in operations including “cyber-enabled extortion, crypto-jacking, and theft from victims around the world for financial gain.” The US Department of Justice, meanwhile, announced criminal charges against four Chinese nationals who allegedly carried out a long-running hacking campaign. Despite the wave of accusations, the US has not issued any sanctions against the People’s Republic of China (PRC).
The alliance against China
The EU, UK, Japan, Canada, Australia, New Zealand all joined the US in condemning Chinese hacking. NATO was more circumspect in its message. The military alliance said it acknowledged the national statements attributing the compromise to the PRC: The announcements are part of a push from the US to build multilateral pressure on China. Relations between the countries have been strained by disputes over trade, control of the South China Sea, the crackdown on democracy in Hong Kong, and the treatment of Uyghurs in Xinjiang. The coordinated accusations of state-sponsored hacking could escalate the tensions.