President Joe Biden rejected the U.S. intelligence community’s assessments on Monday when he explained why he won’t introduce sanctions against China in response to its Microsoft Exchange hack.
Biden did so with a statement evoking memories of former President Donald Trump’s delusional contesting of U.S. intelligence assessments on Russian interference in the 2016 election.
“My understanding,” the president said, “is that the Chinese government, not unlike the Russian government, is not doing this [Microsoft Exchange hacking] themselves, but are protecting those who are doing it and maybe even accommodating them in being able to do it.”
This is factually incorrect. There are two options here: Biden either misspoke, or he is being deceptive.
While the U.S. government did specifically attribute a broader campaign of Chinese cyber-espionage/aggressive intrusion to the Ministry of State Security on Monday, I understand the U.S. intelligence community assesses the specific Microsoft Exchange attack as a state-authorized activity.
Britain’s Government Communications Headquarters signal intelligence service best reflected the transatlantic intelligence assessment in a Monday press release. GCHQ noted that “Chinese state-backed actors were responsible” for the Microsoft Exchange hack and “assessed that it was highly likely that a group known as HAFNIUM, which is associated with the Chinese state, was responsible for the activity.”
True, this is careful language. However, I understand that when it comes to evidence linking the Chinese Communist Party’s security apparatus to Hafnium, this statement hints at just the tip of the iceberg. I understand that a shared assessment by the British and the U.S. National Security Agency predicates China’s control over Hafnium on the basis of four factors.
First, Hafinum’s access to cyber penetration and concealment capabilities are known to be controlled by the Chinese government.
Second, Hafnium’s established priority ability to leverage Chinese government resources, personnel (including on U.S. soil), and territory for its activities.
Third, intelligence assessments that China is increasingly reliant on threat actors, such as Hafnium, pursue a greater pretense of deniability.
The Chinese have learned from Russian cyberactivity, here, using cyber capabilities that pretend to be independent of government but are actually thinly veiled cutouts for the regime.
Fourth, Hafnium’s targeting of information and organizations is of limited value to private ransomware-style actors but of high value to the Chinese state.
Biden said he’s receiving another briefing on Tuesday morning. We should expect him to revisit his Monday statement. If not, he is denying the facts and incentivizing further Chinese attacks on the United States.
