Five other countries formally accuse China of APT10 hacking spree

Australia, Canada, Japan, New Zealand, and the UK also point the finger at the Beijing government. Germany expected as well.
Written by Catalin Cimpanu, Contributor

After the US Department of Justice charged two Chinese nationals for being members of a state-sponsored hacking group and accused the Chinese government of orchestrating a string of hacks around the world, five other governments have stepped in with similar accusations.

Australia, Canada, Japan, New Zealand, and the UK have published official statements today formally blaming China of hacking their government agencies and local companies.

All statements are in regards to the supposed involvement of the Chinese Ministry of State Security (MSS) in supporting the activity of a hacking group known as APT10.

In a DOJ indictment yesterday, the US says this group hacked companies in 12 countries, and later breached cloud service providers, wormed through their infrastructure, and hacked even more companies.

US officials said the primary purpose of these hacks was to steal trade secrets and intellectual property that the Chinese government later passed to local Chinese companies, helping create an unfair advantage for local firms on the global market.

The list of victims is a list of "who's who of the global economy," said DOJ officials in a press conference yesterday, also revealing that allied governments were also preparing supporting statements.

Those statements came in today, and they were fuming, and for good reasons.

"This activity is counter to the commitment all APEC economies, including China, made in November 2016," said New Zealand's Government Communications Security Bureau (GCSB). "APEC economies agreed they should not conduct or support [Information and Communications Technology] ICT-enabled theft of intellectual property or other confidential business information, for commercial advantage."

New Zealand's statement was followed by fellow countries part of the Five Eyes intelligence-sharing alliance -Australia, Canada, and the UK (together with the US' initial charges).

"This campaign is one of the most significant and widespread cyber intrusions against the UK and allies uncovered to date, targeting trade secrets and economies around the world," said UK Foreign Secretary, Jeremy Hunt. "Our message to governments prepared to enable these activities is clear: together with our allies, we will expose your actions and take other necessary steps to ensure the rule of law is upheld."

Five Eyes countries were also joined by a statement from the Tokyo government, while a similar statement from the Berlin government is expected later today after the German government having issued a warning yesterday to local companies about the possibility of their cloud providers having been hacked.

Just like Germany, Australia and the UK have also sent out security advisories to companies and government agencies about APT10's cloud provider hacks.

In a ZDNet exclusive earlier today, Alastair MacGibbon, head of the Australian Cyber Security Centre (ACSC) revealed that China's APT10 hackers had infiltrated at least nine global service providers. Reuters named two of them last night, namely HPE and IBM.

But the Chinese government didn't take the public flogging sitting down. Through state news agencies, Chinese officials claimed Western countries pulled the cyber-theft accusations "out of thin air."

Another news agency went as far as to point out that the US has hacked China in the past, and the Chinese government is only now finding out the extent of those hacks. The news outlet, through a source, pointed the finger at the Equation Group, a codename given by cyber-security companies to the NSA's hacking units.

This is not the first time that multiple countries have banded together to call out a government for its hacking-related exploits. In February this year, the Five Eyes intelligence-sharing alliance called out Russia for orchestrating the NotPetya attacks on Ukraine, which later spread to touch companies all over the globe.

Cybercrime and malware, 2019 predictions

More cybersecurity coverage:

Editorial standards