EU & NATO Agree To Confront The Chinese Cyber Threat

An alliance of NATO members, the European Union, Australia, New Zealand and Japan will confront the threat posed by Chinese state-sponsored cyber attacks. The group will share intelligence on cyber threats and collaborate on network defenses and security, according to a senior Biden administration official.

In its first joint action, the alliance will publicly blame China’s Ministry of State Security (MSS) for a cyber attack on Microsoft Exchange earlier this year, which is believed to have hit at least 30,000 American organisations and hundreds of thousands more worldwide.

The attack was carried out by criminal contract hackers working for the MSS who also engage in cyber-enabled extortion, crypto jacking and ransomware, the official said. Also, the Federal Bureau of Investigation, National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) released a new advisory listing 50 tactics, techniques and procedures that Chinese state-sponsored hackers employ.

A Chinese espionage network dubbed Hafnium was named by Microsoft as the attack group. The delay in naming China was partly to give investigators time to assemble the evidence to prove that the Hafnium hackers were on the Chinese state payroll, the official said. It was also important for the United States to act in concert with its allies when it made the public attribution, said the official.

At a time when cyber warfare is becoming the front line in a global power struggle between democracies and autocratic states, the new cybersecurity alliance could become a model for future efforts to confront transnational threats.

The formation of the alliance is intended to build on President Biden’s effort earlier this summer to rally support among NATO and EU allies for a more confrontational approach to China and comes after a number of economic and diplomatic sanctions that the Biden administration has imposed on Beijing this year, in response to alleged human rights abuses in Hong Kong and in Xinjiang province.   Recently, the US sanctioned seven Chinese officials in response to the ongoing crackdown on Hong Kong’s democratic institutions.

The newly launched cybersecurity alliance is focused on cooperative security and threat alerts and not on retaliation.

The White House has raised the Microsoft attacks with senior members of the Chinese government “making clear that the People’s Republic of China's (PRC) actions threaten security, confidence, and stability in cyberspace... We’re not ruling out further actions to hold [China] accountable,” said the senior official, “but we’re also aware that no one action can change the PRC’s behaviour, and neither can one country acting on its own. So, we really focused initially in bringing other countries along with us.”

China Is To Strengthen Cyber Security Regulation

China's Ministry of Industry and Information Technology has published a draft three-year action plan to develop the country's cyber security industry, the market value of all the firms in the sector will be 250 billion yuan ($38.6 billion) by 2023.

  • “Residents in east China’s Shanghai are witnessing and benefiting from the application of a good number of AI and other digital technologies catering for economic and social development, people’s livelihood and other fields”, says the Chinese People’s Daily Online.
  • China’s Guangdong province said it plans to build a common data platform in the Greater Bay area, including Hong Kong and Macau, and a data trading market in Shenzhen. Guangdong will consider establishing a data ‘customs hub’ to review and supervise cross-border data, according to a People’s Government of Guangdong Province statement.  

The Chinese government will “promote the distribution and sharing of data between Guangdong, Hong Kong and Macau, and the use of data to benefit industrial development, social governance and services to people”.
 

CNBC:        PinsentMasons:     Xinhuanet:     Chinese Foreign Ministry:      People's Daily:   Gov.Guangdong:

Cyberspace Affairs Commission:      CNBC

You Might Also Read:  

China’s National Cyber Security Powerhouse Strategy:

 

 

« Looking For Love May Have Unexpected Consequences
Britain & The USA Have Been Spying On Their Friends »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIIS Cyber Initiative

MIIS Cyber Initiative

The Cyber Initiative's mission is to assess the impact of the information age on security, peace and communications.

LogonBox Software

LogonBox Software

LogonBox Software specialises in producing a cost-effective range of Network Security and Identity Management software solutions for all sizes of Enterprise.

ObjectSecurity

ObjectSecurity

ObjectSecurity is a leader in authorization policy automation. With OpenPMF, you can manage application security policies for access control and auditing.

Rewertz

Rewertz

Rewterz is a cyber security company based out of Dubai, serving customers in UAE, Oman, Qatar, Bahrain, Saudi Arabia, and Pakistan.

Cyversity

Cyversity

Cyversity's mission (formerly ICMCP) is the consistent representation of women and underrepresented minorities in the cybersecurity industry.

IntelligInts

IntelligInts

IntelligInts provide 24×7 threat monitoring, hunting, alerting, and mitigation in our world class Security Operations Center.

CACI International

CACI International

CACI is at the forefront of developing and delivering technological breakthroughs that transform and optimize government operations.

MoogleLabs

MoogleLabs

MoogleLabs leverage AI/ML, Blockchain, DevOps, and Data Science to come up with the best solutions for diverse businesses.

Luta Security

Luta Security

Luta Security implements a holistic approach to advance the security maturity of governments and organizations around the world.

CDS

CDS

CDS is a strategic change agency enabling organisations and businesses to create and build better services to meet the evolving needs of customers, employees and citizens.

Security Risk Advisors (SRA)

Security Risk Advisors (SRA)

Security Risk Advisors deliver cybersecurity services to leading companies in the Financial Services, Healthcare, Pharmaceuticals, Technology and Retail industries.

Cura Technology

Cura Technology

Cura Technology offers a wide array of security solutions meticulously designed to address specific facets of your security requirements.

HYCU

HYCU

HYCU was born of the need to simplify data protection and provide equivalent levels of backup and recovery support across on premises, public cloud, and SaaS workloads.

CyberForceHQ

CyberForceHQ

CyberForce helps cyber security professionals take real-world tests, get ranked and get paid better. It's that simple.

National Cybersecurity Agency (ANCI) - Chile

National Cybersecurity Agency (ANCI) - Chile

ANCI (Agencia Nacional de Ciberseguridad) is the National Cybersecurity Agency of Chile.

CyberSentriq

CyberSentriq

CyberSentriq provides an unmatched combination of proactive AI-driven email and web security, advanced data protection, and operational resilience.