After the US Department of Justice charged two Chinese nationals for being members of a state-sponsored hacking group and accused the Chinese government of orchestrating a string of hacks around the world, five other governments have stepped in with similar accusations.
Australia, Canada, Japan, New Zealand, and the UK have published official statements today formally blaming China of hacking their government agencies and local companies.
All statements are in regards to the supposed involvement of the Chinese Ministry of State Security (MSS) in supporting the activity of a hacking group known as APT10.
In a DOJ indictment yesterday, the US says this group hacked companies in 12 countries, and later breached cloud service providers, wormed through their infrastructure, and hacked even more companies.
US officials said the primary purpose of these hacks was to steal trade secrets and intellectual property that the Chinese government later passed to local Chinese companies, helping create an unfair advantage for local firms on the global market.
The list of victims is a list of "who's who of the global economy," said DOJ officials in a press conference yesterday, also revealing that allied governments were also preparing supporting statements.
Those statements came in today, and they were fuming, and for good reasons.
"This activity is counter to the commitment all APEC economies, including China, made in November 2016," said New Zealand's Government Communications Security Bureau (GCSB). "APEC economies agreed they should not conduct or support [Information and Communications Technology] ICT-enabled theft of intellectual property or other confidential business information, for commercial advantage."
"This campaign is one of the most significant and widespread cyber intrusions against the UK and allies uncovered to date, targeting trade secrets and economies around the world," said UK Foreign Secretary, Jeremy Hunt. "Our message to governments prepared to enable these activities is clear: together with our allies, we will expose your actions and take other necessary steps to ensure the rule of law is upheld."
Five Eyes countries were also joined by a statement from the Tokyo government, while a similar statement from the Berlin government is expected later today after the German government having issued a warning yesterday to local companies about the possibility of their cloud providers having been hacked.
In a ZDNet exclusive earlier today, Alastair MacGibbon, head of the Australian Cyber Security Centre (ACSC) revealed that China's APT10 hackers had infiltrated at least nine global service providers. Reuters named two of them last night, namely HPE and IBM.
But the Chinese government didn't take the public flogging sitting down. Through state news agencies, Chinese officials claimed Western countries pulled the cyber-theft accusations "out of thin air."
Another news agency went as far as to point out that the US has hacked China in the past, and the Chinese government is only now finding out the extent of those hacks. The news outlet, through a source, pointed the finger at the Equation Group, a codename given by cyber-security companies to the NSA's hacking units.
This is not the first time that multiple countries have banded together to call out a government for its hacking-related exploits. In February this year, the Five Eyes intelligence-sharing alliance called out Russia for orchestrating the NotPetya attacks on Ukraine, which later spread to touch companies all over the globe.
More cybersecurity coverage:
- Two Android apps used in combat by US troops contained severe vulnerabilities
- US ballistic missile systems have very poor cyber-security
- Nokia denies leaking internal credentials in server snafu
- DOD doesn't keep track of duplicate or obsolete software
- Shamoon malware destroys data at Italian oil and gas company
- Law enforcement shut down DDoS booters ahead of annual Christmas DDoS attacks
- How to enable spam call filtering on your Android phone TechRepublic
- New antiphishing features come to Google G Suite CNET