Western governments said on Monday they are highly confident that hackers under the control of China’s Ministry of State Security breached the security of Microsoft Exchange, affecting 400,000 e-mail servers worldwide. Steven Senne/The Associated Press

Canada joined the United States and other global allies, including NATO, in collectively condemning China on Monday for masterminding a sophisticated hack of Microsoft services in early 2021, but they stopped short of imposing sanctions on Beijing.

The broad coalition, which also includes the United Kingdom, the European Union, New Zealand and Japan, says state actors affiliated with the People’s Republic of China (PRC) gained access to computer networks around the world.

The cyber attack on Microsoft – believed to have taken place in January and discovered in early March – breached tens of thousands of computers worldwide and allowed the hackers to obtain sensitive data from personal, business and government computer systems.

Western governments said on Monday they are highly confident that hackers under the control of China’s Ministry of State Security breached the security of Microsoft Exchange, affecting 400,000 e-mail servers worldwide.

“This activity put several thousand Canadian entities at risk – a risk that persists in some cases even when patches from Microsoft have been applied,” Foreign Affairs Minister Marc Garneau said in a statement on Monday. “Canada is confident that the PRC’s Ministry of State Security (MSS) is responsible for the widespread compromising of the Exchange servers.”

Mr. Garneau said several cybergroups in China are believed to have taken part in the operation, including Advanced Persistent Threat Group 40 (APT 40), which he said consists of elements of the Ministry of State Security’s Hainan State Security Department. He revealed that the same group had targeted Canadian sectors in the past.

“This group’s cyber activities targeted critical research in Canada’s defence, ocean technologies and biopharmaceutical sectors in separate malicious cybercampaigns in 2017 and 2018,” he said. “These actors are highly sophisticated and have demonstrated an ability to achieve sustained, covert access to Canadian and allied networks beyond the compromising of Microsoft Exchange servers.”

In a statement, a spokesman for China’s embassy in Washington said the claim by the U.S. and its allies was “groundless” and a “malicious smear” against Beijing.

“The Chinese government and relevant personnel never engage in cyber attacks or cyber theft,” spokesman Liu Pengyu said. “It is irresponsible and ill-intentioned to accuse a particular party when there is no sufficient evidence around.”

China signed an agreement with U.S. president Barack Obama in 2015, and with Prime Minister Justin Trudeau in 2017, to stop conducting state-sponsored cyberattacks aimed at stealing private-sector trade secrets and proprietary technology.

That deal only covered economic espionage – hacking corporate secrets – and did not preclude China from conducting state-sponsored cyberattacks against the Canadian government or military, as it did in 2014, when Chinese hackers broke into the main computers at the National Research Council.

Former Canadian Security Intelligence Service director Richard Fadden, who also was national security adviser to Mr. Trudeau and prime minister Stephen Harper, said Beijing can’t be trusted and Canada needs to increase its cyber defences and even hit back at China.

“Agreement or not with China, the potential benefits of cyber attacks of various kinds on the West’s private sector are too great for us to expect China to cease its attacks,” he said. “We should follow up our recognition of China’s ongoing intent by consciously increasing our defensive measures and, if necessary, contemplate appropriate pushback.”

The Chinese embassy in Ottawa was not immediately available for comment.

In concert with allies, Canada has become more willing to criticize Beijing after a vote in Parliament declared it has committed genocide against its Uyghur minority, and in the midst of a brutal crackdown on political dissidents in Hong Kong – despite concerns about Beijing’s imprisonment of Canadians Michael Spavor and Michael Kovrig.

U.S. Secretary of State Antony Blinken said in a statement that Western countries are holding Beijing “accountable for its pattern of irresponsible, disruptive and destabilizing behaviour” in cyberspace, which poses a major threat to “our economic and national security.” He accused China’s Ministry of State Security of fostering an “ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.”

British Foreign Secretary Dominic Raab called China’s actions “a reckless but familiar pattern of behaviour,” and urged Beijing to end “this systematic cyber sabotage,” adding that it can expect to be held to account if it does not.

Although the coalition of democratic countries did not impose sanctions on China, the U.S. Justice Department said four Chinese nationals – three security officials and one contract hacker – have been charged in a global hacking campaign aimed at dozens of companies, universities and government agencies in the United States and abroad. The activities took place between 2011 and 2018 and focused on information that would significantly benefit Chinese businesses.

“Western countries have generally taken the position that while we engage in espionage to protect our respective states, we do not do so to collect information to advantage Western companies; something of which the Chinese have often been accused,” former CSIS director Ward Elcock said.

NATO also joined in the condemnation – the first time the military alliance, founded in 1949 to confront the Soviet Union, has signed on to a formal censure of China’s cyber activities.

“We call on all states, including China, to uphold their international commitments and obligations and to act responsibly in the international system, including in cyberspace,” NATO said in a statement.

Reuters reported that U.S. security and intelligence agencies will outline more than 50 techniques and procedures that “China state-sponsored actors” use in targeting U.S. and allied networks.

According to a 31-page U.S. cybersecurity advisory seen by Reuters, Chinese state-sponsored hackers consistently scan networks for critical vulnerabilities within days of a vulnerability’s public disclosure.

The U.S. under President Joe Biden has begun a coalition of Western nations to oppose China’s military buildup, its crackdown on democracy activists in Hong Kong, the treatment of Uyghurs in the Xinjiang region and aggression in the South China Sea.

On Friday, the Biden administration warned U.S. businesses about risks to their operations and activities in Hong Kong after China imposed a new national security law there last year.

With reports from James Griffiths and Reuters
