China Spy Agency Blamed by US, Others for Using Contract Hackers
July 19, 2021
The United States and other countries are accusing China’s
Ministry of State Security of using criminal contract hackers to
conduct unsanctioned cyber operations globally, from which the
hackers personally profit.
The activities include ransomware operations against private
companies that are forced to pay millions in ransom demands to
regain access to their data, according to U.S. officials.
“The United States and countries around the world are holding
the People’s Republic of China (PRC) accountable for its pattern
of irresponsible, disruptive, and destabilizing behavior in
cyberspace, which poses a major threat to our economic and
national security,” said a statement from U.S. Secretary of State
The United States, along with NATO, the European Union, the
United Kingdom, Japan, Canada, Australia and New Zealand, on
Monday specifically blamed China for the cyberattack in March
that affected tens of thousands of organizations via Microsoft
This was a type of zero-day hack where a vulnerability is known
to software vendors, but they do not yet have a patch in place
to fix the flaw.
“The U.S. government has raised its concerns about both this
incident and China's broader malicious cyber activity with
senior Chinese government officials, making clear that these
actions threaten security competence and stability in
cyberspace,” a senior administration official told reporters on
a call Sunday evening ahead of the announcement.
The use by China’s civilian intelligence agency of criminal
contract hackers was “really eye-opening and surprising for us,”
the official said.
Also significant is that the state security ministry is using
those hackers to “conduct unsanctioned cyber operations
globally, including for their own personal profit,” according to
the senior U.S. official.
China has consistently denied being involved in such activities.
Lu Kang, a foreign ministry spokesman, was asked in mid-March
about allegations made by four private security firms who were
investigating ransomware attacks. The firms blamed an advanced
threat group from China for the sophisticated network
Lu replied that if such allegations were seriously made with
reliable proof, then Beijing would take it seriously, but it did
not have time to respond to “rumors and speculation.”
The details released Monday morning in Washington and in allied
capitals are seen as an attempt to give China’s government the
details it requested.
Specifically, the National Security Agency, the Cybersecurity
and Infrastructure Security Agency and the Federal Bureau of
Investigation, in a joint advisory issued Monday, said they
“have observed increasingly sophisticated Chinese
state-sponsored cyber activity targeting U.S. political,
economic, military, educational, and CI (critical
infrastructure) personnel and organizations.”
is really an unprecedented group of allies and partners holding
China accountable,” the senior U.S. official said in the call
The U.S. agencies said “Chinese state-sponsored cyber actors
consistently scan target networks for critical and high
vulnerabilities within days of the vulnerability’s public
disclosure” and use “a full array of tactics and techniques to
exploit computer networks of interest worldwide and to acquire
sensitive intellectual property, economic, political and
The administration of U.S. President Joe Biden has been vocal
about a series of ransomware and other attacks blamed on groups
operating in Russia, but it has not directly linked those
activities to the Russian government.
In a face-to-face meeting with Russian President Vladimir Putin
in Geneva last month, Biden threatened to take action against
Moscow if cyber criminals continued to operate inside Russia