The United States, in concert with the EU, UK, and NATO, has formally charged China with orchestrating the February and March ransomware attacks on Microsoft Exchange servers.

“Responsible states do not indiscriminately compromise global network security nor knowingly harbor cybercriminals — let alone sponsor or collaborate with them,” U.S. Secretary of State Antony Blinken said. “These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the [Chinese Ministry of State Security (MSS)] had them on its payroll.”

According to the charges, China and a hired army of digital mercenaries engaged in a multiyear campaign targeting foreign governments and key corporations in maritime, aviation, defense, education, and healthcare in over one dozen countries. They attempted to steal the Ebola vaccination and intellectual property, trade secrets, and confidential business information. The U.S. government says that it has “a high degree of confidence” that these attacks were all state-sponsored.

“Before Microsoft released its security updates, MSS-affiliated cyber operators exploited vulnerabilities [in Exchange] to compromise tens of thousands of computers and networks worldwide in a massive operation that resulted in significant remediation costs for its mostly private sector victims,” the White House alleges. “In the past few months, we have focused on ensuring the MSS-affiliated malicious cyber actors were expelled from public and private sector networks and the vulnerability was patched and mitigated to prevent the malicious cyber actors from returning or causing additional damage.”

Additionally, the National Security Agency (NSA), Cybersecurity and Infrastructure Agency (CISA), and Federal Bureau of Investigation (FBI) have collectively released a cybersecurity advisory that details additional ways in which China targeted U.S. and allied networks. The hope is that, by exposing its techniques and providing actionable mitigation guidance, the U.S. Government can help others take action against these and other cybersecurity threats.

“The compromise and exploitation of the Microsoft Exchange server undermined the security and integrity of thousands of computers and networks worldwide, including in the member states and EU institutions,” an EU Foreign Affairs and Security Policy statement adds. “The EU and its member states strongly denounce these malicious cyber activities, which are undertaken in contradiction with the norms of responsible state behavior as endorsed by all UN member states. We continue to urge the Chinese authorities to adhere to these norms and not allow its territory to be used for malicious cyber activities, and take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation.”

Finally, the U.S. Department of Justice (DOJ) has publicly detailed a grand jury indictment that charges four Chinese individuals who worked with the Chinese Ministry of State Security on a hacking campaign that ran from 2011 to 2018. According to the charges, these hackers attempted to steal intellectual property and confidential business information from key aviation, defense, education, government, health care, biopharmaceutical, and maritime companies in several other countries. While not directly related to the Microsoft hacks, these efforts paint a picture of years of cyber-attacks undertaken by China.

The “conspirators sought to obfuscate the Chinese government’s role in such theft by establishing a front company,” the DOJ notes, adding that one of the individuals charged “created malware, hacked into computer systems operated by foreign governments, companies, and universities, and supervised other hackers,” and that Chinese universities actually helped MSS find hackers. The crimes represent “a worldwide hacking and economic espionage campaign led by the government of China,” according to Acting U.S. Attorney Randy Grossman for the Southern District of California.

Tagged with Security