Australia and New Zealand (NZ) have joined the United States in attributing malicious cyber activity to China’s Ministry of State Security and said they are deeply disturbed by Beijing using criminal contract hackers to back its state-run cyberattacks against targets worldwide.
“These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain,” Australian Foreign Minister Marise Payne, Home Affairs Minister Karen Andrews, and Defence Minister Peter Dutton said in a joint statement.
Australia also called on China to adhere to the commitments it made in the G20, and bilaterally “refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining competitive advantage.”
The sentiments were echoed by Andrew Little, the NZ Minister responsible for the Government Communications Security Bureau (GCSB), who said: “We call for an end to this type of malicious activity, which undermines global stability and security, and we urge China to take appropriate action in relation to such activity emanating from its territory.”
Little noted that the GCSB had worked through a robust technical attribution process concerning this issue and that it had confirmed, independently, that Chinese state-sponsored actors were responsible for the exploitation of Microsoft Exchange vulnerabilities in New Zealand in early 2021.
Both countries also condemned the Chinese Communist Party’s (CCP) Ministry of State Security (MSS) for engaging in malicious cyber activity and hiring contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and commercial advantage the Chinese regime.
The United Kingdom, Canada, Japan, the European Union, and NATO joined the United States, Australia and New Zealand in expressing their concerns.
In a media release on July 19, The White House said the United States had long been concerned about Beijing’s irresponsible and destabilizing behaviour in cyberspace.
“Today, the United States and our allies and partners are exposing further details of the PRC’s pattern of malicious cyber activity and taking further action to counter it, as it poses a major threat to U.S. and allies’ economic and national security,” the statement said, using the acronym for the country’s official name, the People’s Republic of China.
“Countries around the world are making it clear that concerns regarding the PRC’s malicious cyber activities are bringing them together to call out those activities, promote network defence and cybersecurity, and act to disrupt threats to our economies and national security.”
They also worked towards the theft of research on the Ebola virus vaccine, trade secrets, and confidential business information on critical public health information, the Biden administration said.
“The U.S. cannot exploit these smears to substantively attack China. If the US takes aggressive measures, carries out national-level cyber attacks on China, or imposes so-called sanctions on China, we will retaliate,” the Global Times editorial reads.