Skip to main content

Biden goes after China, assigns blame for Microsoft Exchange hack


In its latest announcement surrounding cybersecurity, the Biden administration said Monday China was behind March’s Microsoft Exchange email server software hack. The hack compromised tens of thousands of computers around the world.

The video above shows White House Press Secretary Jen Psaki discussing the international effort to call China out.

The Microsoft Exchange hack was first identified in January. Experts quickly attributed the hack to China. An administration official said the government’s attribution to China took until now in part because the administration wanted to pair the announcement with guidance for businesses about tactics the Chinese have been using.

The White House also wanted to line up an international coalition of allies to call out China. The official said it was the first time NATO had condemned Beijing’s hacking operations.

The European Union and Britain also pointed the finger at China. The EU said malicious cyber activities that targeted government institutions, political organizations and key industries could be linked to Chinese hacking groups. The U.K.’s National Cyber Security Centre said the groups targeted maritime industries and naval defense contractors in the U.S. and Europe, as well as the Finnish parliament.

In a statement, EU foreign policy chief Josep Borrell said the hacking was “conducted from the territory of China for the purpose of intellectual property theft and espionage.”

The Justice Department charged four Chinese nationals prosecutors said were working with China’s Ministry of State Security in a hacking campaign that targeted dozens of computer systems. This includes companies, universities and government entities.

The Ministry of State Security has been using criminal contract hackers, who have engaged in cyber extortion schemes and theft for their own profit, according to a senior administration official.

A Chinese Foreign Ministry spokesperson has previously said China “firmly opposes and combats cyber attacks and cyber theft in all forms”. The ministry said attribution of cyberattacks should be based on evidence and not “groundless accusations.”

The majority of the most damaging and recent high-profile ransomware attacks have involved Russian criminal gangs. Though the U.S. has sometimes seen connections between Russian intelligence agencies and individual hackers, the use of criminal contract hackers by the Chinese government “to conduct unsanctioned cyber operations globally is distinct,” the official said.

Jen Psaki, White House press secretary: “First, let me say that today an unprecedented group of allies and partners, including the European Union, the United Kingdom, Australia, Canada, New Zealand, Japan and NATO, are joining the United States in exposing and criticizing the PRC’s (People’s Republic of China’s) Ministry of State Security as malicious cyber activities. And this is the first time NATO has condemned PRC cyber activities. So I would note that we are actually elevating and taking steps to not only speak out publicly, but certainly take action as it relates to problematic cyber activities from China in a different way. But as we have from Russia as well, we are not differentiating. One is, you know, out of the realm of condemnation or out of the realm of consequence from the United States.”

Reporter asking question: “Basically, the US economy depends a lot on Chinese imports. We only get six billion dollars worth of goods from Russia if we were to come with major sanctions on China. Is there a risk that we can be hurting our own economy?”

Jen Psaki, White House press secretary: “Well, I would say first that we take cyber actions against our country and against private sector entities quite seriously. The Department of Justice is imposing costs today as they announce criminal charges against four MSS (Ministry of State Security) hackers. These charges address activities concerning a multi-year campaign targeting foreign governments and entities in key sectors. We also have, of course, through the National Security Agency, Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation exposed over 50 tactics, techniques and procedures Chinese state sponsored cyber actors used when targeting U.S. and allied networks. My point is we are not holding back. We are not allowing any economic circumstance or consideration to prevent us from taking actions where warrant and also we reserve the option to take additional actions where warrant as well. This is not the conclusion of our efforts as it relates to cyber activities with China or Russia.”

Reporter asking question: “So if the United States were to take action against China, would it do so alone or does the administration feel like you need allies on board to take that step?”

Jen Psaki, White House press secretary: “Well, it’s a good question, Rachel. I think as we’ve approached our China strategy from the beginning and our policy as it relates to China, we’ve always felt that going working together, working in partnership with allies around the world and also with in partnership with members of the federal government, members of Congress from both sides of the aisle was how we approached it from a position of strength. So, what’s significant today is that while we’re calling out these malicious cyber activities, so are a number of our key partners around the world.”