
A version of this story appeared in CNN’s What Matters newsletter.

Washington CNN  — 

The United States and its foreign allies on Monday accused China of a range of hostile cyber activities, including through a massive hack of Microsoft’s email system and other ransomware attacks,

Read this report from CNN’s Kevin Liptak. In a coordinated announcement, the White House and governments in Europe and Asia identified China’s Ministry of State Security, the sprawling and secretive civilian intelligence agency, as using “criminal contract hackers” to conduct a range of destabilizing activities around the world for personal profit, including the Microsoft hack.

The administration also said China was behind a specific ransomware attack against a US target that a senior administration official said involved a “large ransom request” – and added that Chinese ransom demands have been in the “millions of dollars.”

For help understanding this new front in the US cyber offensive, the What Matters newsletter posed a few key questions to CNN technology reporter Brian Fung, who covers the intersection of business and policy.

Our conversation, conducted via Slack and lightly edited for flow, is below.

What Matters: How big of a deal is it that the US and its foreign allies are accusing China of widespread malfeasance in cyberspace?

BF: It’s a pretty big deal. For one thing, until now the Biden administration has been more focused on Russian hacking than on Chinese hacking, so it raises the profile of malicious Chinese cyber activity. For another, while past US administrations have been willing to call out China for hacking, it’s notable that this time the US got so many other countries and allies involved.

For example, this marks the first time that NATO has condemned Chinese cyberattacks. And there are many countries within NATO that have complicated relationships with China that they might not want to upset, so cybersecurity experts say it’s a victory for the US that it was able to present a unified front. The coordinated accusations also set the stage for future sanctions, potentially.

What Matters: An official told CNN that China’s activities include “cyber-enabled extortion, crypto-jacking and theft from victims around the world for financial gain” along with ransomware attacks. How serious are these activities?

BF: As we’ve seen with meatpacking and oil pipelines, ransomware is a really significant issue right now that can have devastating effects if the right precautions aren’t taken. Crypto-jacking, or the use of malicious software that co-opts a computer’s resources to quietly generate cryptocurrency, is less talked about but also shows how creative hackers can be at profiting from their victims.

The actors called out by the Biden administration on Monday are described as “criminal contract hackers” that do hacking on behalf of Beijing, but also for their own personal gain.

What Matters: Biden said he isn’t applying sanctions on China for its role as his team continues to determine the extent of Beijing’s actions. What goes into these investigations and why do they take so long?

BF: Because hackers can use virtual private networks, cloud-based servers and other tricks and tools to hide their true locations, it can be really difficult to trace any given cyberattack back to its source. Experts typically have to use sophisticated forensic techniques – like comparing code fragments and looking for patterns – to come up with an educated guess as to which groups might be responsible for an attack. And even then, officials usually caveat their attributions by stating how confident they are.

In this case, US officials said they have a high level of confidence that Chinese state-sponsored hackers are responsible for the Microsoft Exchange hacks and other malicious cyber activities.

What Matters: What kinds of vulnerabilities have the cyberattacks against the US exposed?

BF: Mostly the same sorts of vulnerabilities that information security experts have long warned about. According to the Department of Homeland Security, Chinese hackers have sought to conduct surveillance on targets in academia, aerospace and defense, education, government, health care, manufacturing and other important sectors of the economy. In many cases, Chinese hackers are accused of trying to steal trade secrets and intellectual property – and as part of this week’s announcement, the Justice Department indicted several more alleged Chinese hackers for doing just that.

What Matters: What should people pay attention to moving forward?

BF: US officials are urging businesses and organizations to keep their systems and software up-to-date, to develop emergency plans in case they do get hacked and to keep offline backups that they can use to recover from ransomware attacks without paying off their hackers.

From a policy standpoint, keep an eye out for possible additional punitive measures by the US and its allies against China and any impacts that may have on the critical and complex economic relationship between the two countries.