“We will show how the PRC [People’s Republic of China] MSS, Ministry of State Security, uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit,” senior administration officials said on a call with reporters Sunday night. “Their operations include criminal activities such as cyber-enabled extortion, cryptojacking and theft of victims around the world for financial gain.
Officials said they also know of some “government-affiliated cyber operators conducting ransomware operations against private companies that have included ransom demands of millions of dollars.”
Senior officials said they found the MSS-affiliated ransomware attacks to be “surprising” and gave them “new insights” into how the MSS operates and the “aggressive behavior” coming out of China.
Asked how the tactics from the Chinese differ from similar attacks they see coming out of Russia, senior officials said they sometimes see “some connection” between Russian intelligence services and individuals, but “the MSS use of criminal contract hackers to conduct unsanctioned cyber operations globally is distinct.”
Joining the U.S. in this public announcement is the European Union, United Kingdom, Australia, Canada, New Zealand, Japan and NATO. It’s the first time NATO has condemned Chinese cyber activities.
The FBI, NSA and the Cybersecurity and Infrastructure Security Agency released a list Monday of tactics, procedures and techniques used by Chinese state-sponsored cyber actors.
Among the trends, officials say these actors are “using a revolving series of virtual private servers (VPSs) and common open-source or commercial penetration tools.” They are also accused of looking for ways to exploit vulnerabilities in major applications, like “Pulse Secure, Apache, F5 Big-IP, and Microsoft products.”
The advisory also states that they are using a “full array of tactics and techniques to exploit computer networks of interest worldwide and to acquire sensitive intellectual property, economic, political, and military information.”
“Countries around the world are making it clear that concerns regarding the PRC malicious cyber activity is bringing them together to call out those activities, promote network defense in cybersecurity, and act to disrupt threat to our economies and national security,” a senior administration official said.
The group will also formally attribute the Microsoft Exchange server cyberattack in March to China’s Ministry of State Security (MSS) “with high confidence.”
Asked what caused the delay for the U.S. to officially point to China for that attack, a senior administration official said they wanted to work with allies and partners because victims of this attack were not just in the U.S.
Officials said they have raised these incidents with senior Chinese government officials and “are not ruling out further actions to hold the PRC accountable,” adding that their actions “threaten security, confidence and stability in cyberspace.”
While Monday’s message of condemnation against Chinese cyber hacking came from nations around the world, the group noticeably stopped short of imposing economic sanctions or other more concrete consequences.
ABC’s Rachel Scott asked White House press secretary Jen Psaki if the U.S. would take such a step alone, or whether the administration feels it would be necessary to move in concert with allies to punish China.
“Yes, we would, of course, like to work with countries and work with our key partners around the world, moving forward and you know, obviously, we can’t determine steps and consequences on their behalf. But that is certainly our objective and how we’ve approached our strategy today,” Psaki said.
Psaki also refuted a question suggesting that the U.S. decided not to impose economic sanctions on China, because the U.S. economy depends so heavily on Chinese imports.
“My point is we are not holding back. We are not allowing any economic circumstance or consideration to prevent us from taking actions where warrant. And also, we reserve the option to take additional actions where warrant as well. This is not the conclusion of our efforts as it relates to cyber activities with China or Russia,” Psaki insisted.
Earlier, asked to compare China’s hacking efforts with Russia’s cyber attacks, President Biden said that while Russia may be harboring cyber criminals, China might be facilitating their attacks.
“To best of my knowledge, and I’m getting a report tomorrow morning on this, a detailed report. My understanding is that the Chinese government, not unlike the Russian government, is not doing this themselves, but are protecting those who are doing it, and maybe even accommodating them being able to do it. That may be the difference,” Biden said.
Biden also said he’s not yet going farther with any punishments for China, including sanctions, because the U.S. has not finished looking into the attacks.
“They’re still determining exactly what happened,” he said of his administration officials. “The investigation is not finished.”
ABC News’ Sarah Kolinovsky contributed to this report.