Explainer | What are the hacking accusations against China?

Several countries accuse ‘cyber actors’ backed by the Chinese government of hacking the Microsoft Exchange email server
Allegations of Chinese cyberattacks are mounting, but Beijing has pointed the finger at the US as the matter becomes part of a broader rivalry

Cybersecurity

Kinling Lo

Published: 10:30pm, 20 Jul, 2021

Why you can trust SCMP

The United States and its allies have accused China of hacking a Microsoft email server as part of a state-backed campaign, adding to growing claims of Chinese involvement in high-profile cyberattacks.

Already an issue between China and the US before their relations deteriorated, cyber espionage has become another of the fronts on which Beijing and Washington are set to confront each other in the coming years.

A coalition of accusers

The US, Britain, the European Union and Nato on Monday accused Beijing of sponsoring a massive hack of the Microsoft Exchange email server that was discovered earlier this year, which compromised accounts worldwide. They vowed to work with other countries to halt what the US state department called China’s “destabilising behaviour in cyberspace”.

02:44

US, Britain and EU accuse China of sponsoring massive Microsoft email server hack

The state department said “cyber actors” working with China’s state security ministry “exploited vulnerabilities in [the] Microsoft Exchange server in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims”.

It was not the first time the US had accused China of cyberattacks, but it was unusual for a broad coalition of countries to publicly call out Beijing for state-backed hacking.

When Russia was accused

Previously, Russia had frequently been blamed for hacking and cyberattacks.

One of the most serious accusations was that Russia acted to help Donald Trump’s 2016 presidential election campaign and discredit his rival, Hillary Clinton. Moscow denied the accusations.

According to a declassified 2017 report by US intelligence agencies, Russian President Vladimir Putin ordered an effort to boost Trump’s chances of winning the election.

“Moscow’s influence campaign followed a Russian messaging strategy that blends covert intelligence operations – such as cyber activity – with overt efforts by Russian government agencies, state-funded media, third-party intermediaries and paid social media users or ‘trolls’,” it said.

“Russia’s intelligence services conducted cyber operations against targets associated with the 2016 US presidential election, including targets associated with both major US political parties.”

Moscow has been accused of orchestrating cyberattacks against the US. Photo: Shutterstock

What has China been accused of?

The US has also blamed China for election meddling through cyberattacks.

Trump has said China “meddled” in the 2018 US midterm elections, without offering evidence. He and Joe Biden, who would replace him in the White House, traded accusations about Chinese meddling in elections in their online campaigns for last year’s presidential poll.

The Trump administration also took action against Chinese apps TikTok and WeChat over national security threats, including alleged Chinese spying and intellectual property theft.

In the report Trump ordered in 2018 as part of the broader trade war launched against Beijing, China was accused of gaining access to trade secrets and other sensitive data through cyberattacks and cyber espionage.

Who is the little-known Chinese firm accused by the US of cyberattacks?

Last year, months into the coronavirus pandemic, Washington accused Chinese hackers of targeting vaccine development as part of a broader years-long campaign of global cyber theft targeting defence contractors, high-end manufacturers and solar energy companies, among others.

The Trump administration also closed China’s consulate in Houston last year, citing years of FBI intelligence-gathering indicating the facility was fortified to prevent surveillance and was a hi-tech communications hub for spying operations.

When Biden took office this year, his administration signalled that it would prioritise cybersecurity issues, launching an “urgent initiative” in response to what it called a growing threat to Washington from China and Russia.

01:12

China, Russia foreign ministers meet as countries stand ‘back to back’ amid rise in US tensions

What is China’s response to hacking accusations?

China has long maintained that it is a victim of cyberattacks. It called the latest accusation “groundless” and accused Washington of “massive and indiscriminate eavesdropping on many countries”.

When Beijing’s top diplomat Yang Jiechi met US Secretary of State Antony Blinken and National Security Adviser Jake Sullivan in March, he referred to the US as “the champion” of cyberattacks and technologies that could be deployed to launch them.

The Chinese-state affiliated National Computer Network Emergency Response Technical Team said in a report last August that 54 per cent of foreign malware attacks against China in 2019 originated in the US, with Russia and Canada the second and third-largest contributors.

Chinese hackers used Dropbox to mask attack on Afghanistan security agency

In a briefing on Tuesday, foreign ministry spokesman Zhao Lijian cited a report from Chinese tech company Qihoo 360 that said the CIA’s APT-C-39 cyberattack organisation had targeted China’s aerospace research institutions, petroleum industry, large IT companies and government agencies for 11 years.

“In fact, the United States is the world’s largest source of cyberattacks,” Zhao said.

Is cyber peace a common goal?

A truce was attempted in 2015 when former US president Barack Obama and Chinese counterpart Xi Jinping jointly declared that neither the US nor Chinese government would “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage”.

In 2018, the US said that the number of attacks had since dropped “dramatically”, but that China was still breaking the agreement. Beijing has repeatedly denied the accusations.