EU & NATO Agree To Confront The Chinese Cyber Threat

An alliance of NATO members, the European Union, Australia, New Zealand and Japan will confront the threat posed by Chinese state-sponsored cyber attacks. The group will share intelligence on cyber threats and collaborate on network defenses and security, according to a senior Biden administration official.

In its first joint action, the alliance will publicly blame China’s Ministry of State Security (MSS) for a cyber attack on Microsoft Exchange earlier this year, which is believed to have hit at least 30,000 American organisations and hundreds of thousands more worldwide.

The attack was carried out by criminal contract hackers working for the MSS who also engage in cyber-enabled extortion, crypto jacking and ransomware, the official said. Also, the Federal Bureau of Investigation, National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) released a new advisory listing 50 tactics, techniques and procedures that Chinese state-sponsored hackers employ.

A Chinese espionage network dubbed Hafnium was named by Microsoft as the attack group. The delay in naming China was partly to give investigators time to assemble the evidence to prove that the Hafnium hackers were on the Chinese state payroll, the official said. It was also important for the United States to act in concert with its allies when it made the public attribution, said the official.

At a time when cyber warfare is becoming the front line in a global power struggle between democracies and autocratic states, the new cybersecurity alliance could become a model for future efforts to confront transnational threats.

The formation of the alliance is intended to build on President Biden’s effort earlier this summer to rally support among NATO and EU allies for a more confrontational approach to China and comes after a number of economic and diplomatic sanctions that the Biden administration has imposed on Beijing this year, in response to alleged human rights abuses in Hong Kong and in Xinjiang province.   Recently, the US sanctioned seven Chinese officials in response to the ongoing crackdown on Hong Kong’s democratic institutions.

The newly launched cybersecurity alliance is focused on cooperative security and threat alerts and not on retaliation.

The White House has raised the Microsoft attacks with senior members of the Chinese government “making clear that the People’s Republic of China's (PRC) actions threaten security, confidence, and stability in cyberspace... We’re not ruling out further actions to hold [China] accountable,” said the senior official, “but we’re also aware that no one action can change the PRC’s behaviour, and neither can one country acting on its own. So, we really focused initially in bringing other countries along with us.”

China Is To Strengthen Cyber Security Regulation

China's Ministry of Industry and Information Technology has published a draft three-year action plan to develop the country's cyber security industry, the market value of all the firms in the sector will be 250 billion yuan ($38.6 billion) by 2023.

  • “Residents in east China’s Shanghai are witnessing and benefiting from the application of a good number of AI and other digital technologies catering for economic and social development, people’s livelihood and other fields”, says the Chinese People’s Daily Online.
  • China’s Guangdong province said it plans to build a common data platform in the Greater Bay area, including Hong Kong and Macau, and a data trading market in Shenzhen. Guangdong will consider establishing a data ‘customs hub’ to review and supervise cross-border data, according to a People’s Government of Guangdong Province statement.  

The Chinese government will “promote the distribution and sharing of data between Guangdong, Hong Kong and Macau, and the use of data to benefit industrial development, social governance and services to people”.
 

CNBC:        PinsentMasons:     Xinhuanet:     Chinese Foreign Ministry:      People's Daily:   Gov.Guangdong:

Cyberspace Affairs Commission:      CNBC

You Might Also Read:  

China’s National Cyber Security Powerhouse Strategy:

 

 

« Looking For Love May Have Unexpected Consequences
Britain & The USA Have Been Spying On Their Friends »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Nexusguard

Nexusguard

Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations.

Sungard Availability Services (Sungard AS)

Sungard Availability Services (Sungard AS)

Sungard AS partners with customers around the globe to understand their unique business needs and provide production and recovery services tailored to their requirements.

Axence

Axence

Axence provides professional solutions for the comprehensive management of IT infrastructure for companies and institutions all over the world.

ISMS.online

ISMS.online

ISMS.online is a cloud software solution for fast & cost-effective implementation of an information security management system and achieve compliance with ISO 27001 and other standards.

GMV

GMV

GMV is a technological business group offering solutions, services and products in diverse sectors including Intelligent Transportation Systems, Cybersecurity, Telecoms and IT.

Level Effect

Level Effect

Level Effect is developing new capabilities to bring a unique perspective on proactive network defense and advanced security analytics.

Blockchain Reactor

Blockchain Reactor

Blockchain Reactor is a blockchain consultancy and implementation company providing cutting-edge blockchain solutions for start-ups and enterprises.

Project Moore

Project Moore

Project Moore is an Amsterdam law firm specialising in IT-law and privacy.

Insight Partners

Insight Partners

Insight Partners is a leading global private equity and venture capital firm investing in growth-stage technology, software and Internet businesses.

BotRx

BotRx

BotRx is the only AI-enabled, automated fraud protection technology that allows fast & easy deployment - continually keeping invisible bad bots and agents at bay, so you can rest easy.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

Intrinium

Intrinium

Intrinium is an Information Technology and Security Solutions company, providing comprehensive consulting and managed services to businesses of all sizes.

RealCISO

RealCISO

RealCISO is a CISO grade cloud platform to help companies understand, manage, and mitigate their cyber risk.

Salus Cyber

Salus Cyber

Salus is a provider of world-class cyber security services, enabling our clients to identify and manage their cyber risks proactively and effectively.

DIGISOC

DIGISOC

DIGISOC, a leader in Latin America in Cybersecurity solutions, combines machine learning with human intelligence to be effective in detecting cyber threats.

ViCyber

ViCyber

ViCyber is an Australian based company whose mission is to simplify and strengthen cybersecurity for all businesses, irrespective of size.