Biden admin accuses China of hacking US servers as Justice Department charges Chinese nationals

The Biden administration, along with several European allies, accused China of mass-hacking Microsoft Exchange servers in an announcement on Monday, marking the first time the U.S. has accused China of aiding ransomware attackers. 

“We have raised our concerns about both this incident and the [People’s Republic of China’s] broader malicious cyber activity with senior PRC Government officials, making clear that the PRC’s actions threaten security, confidence, and stability in cyberspace,” a White House fact sheet stated

The United States has attempted to regulate the Chinese government for decades, with Monday’s announcement marking a significant escalation between the two countries. Several U.S. allies, including the European Union, NATO, the U.K., Australia, and Japan, joined the White House in its efforts to change China’s behavior. 

“The compromise and exploitation of the Microsoft Exchange server undermined the security and integrity of thousands of computers and networks worldwide,” the Council of the European Union said in a statement on Monday. “This irresponsible and harmful behavior resulted in security risks and significant economic loss for our government institutions and private companies, and has shown significant spill-over and systemic effects for our security, economy, and society at large.”

Following Biden’s statement, the United States Justice Department announced charges against three Chinese intelligence officials and one Chinese computer hacker on Monday regarding an unlawful cyber campaign that stole confidential information from several countries. The theft involved information about sensitive technologies which were “of significant benefit” to the Chinese government and economy, according to the Justice Department. The department added that the hackers also targeted several research institutes and universities to access research on Ebola, MERS, and HIV/AIDS.

“These criminal charges once again highlight that China continues to use cyber-enabled attacks to steal what other countries make, in flagrant disregard of its bilateral and multilateral commitments,” Deputy Attorney General Lisa O. Monaco said in a statement. 

Prosecutors say that the three intelligence officers served in the Hainan State Security Department (HSSD), an arm of China’s Ministry of State Security. The Justice Department identified them as Ding Xiaoyang, Cheng Qingmin, and Zhu Yunmin, and the computer hacker was identified as Wu Shurong. 

In an indictment unsealed Friday, prosecutors allege that the intelligence officers worked with Chinese universities to identify, recruit, and train hackers and linguists. The officers hid the Chinese government’s involvement by creating a front organization called Hainan Xiandun Technology Development Co., Ltd, according to prosecutors, though the company has since disbanded.  The indictment also alleges that Shurong created malware, hacked into computer systems operated by foreign governments, companies, and institutions, and supervised other Hainan hackers. 

“The breadth and duration of China’s hacking campaigns, including these efforts targeting a dozen countries across sectors ranging from health care and biomedical research to aviation and defense, remind us that no country or industry is safe,” Monaco said. “Today’s international condemnation shows that the world wants fair rules, where countries invest in innovation, not theft.”

Xiaoyang, Qingmin, Yunmin, and Shurong were each charged with one count of conspiracy to commit computer fraud, which carries a maximum sentence of five years in prison, and one count of conspiracy to commit electronic espionage which carries a maximum sentence of 15 years in prison. Assistant U.S. Attorneys Fred Sheppard and Sabrina Feve of the Southern District of California and Trial Attorney Matthew McKenzie of the National Security Division’s Counterintelligence and Export Control Section will be prosecuting the case.