"The Biden administration has since been silent on attributing the hack to China. A spokesperson for the National Security Agency told the Washington Examiner to reach out to the National Security Council. The NSC did not provide a comment. A spokesperson for DHS said to “please contact the FBI for help with this inquiry.” The FBI spokesperson said that “unfortunately, we do not have a comment.” A DOJ spokesperson said they "don't have anything to share with you on this at this time.” A spokesperson for the Cybersecurity and Infrastructure Security Agency said that “we do not have a comment on attribution.” And the Office of the Director of National Intelligence did not respond to a request for comment.
In April, the Biden administration attributed the massive SolarWinds cyberattack to Russia’s Foreign Intelligence Service, also known as the SVR, and a fact sheet released by the White House said the U.S. was “formally naming” the SVR “as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures” and that the intelligence community “has high confidence in its assessment of attribution to the SVR.” Former Secretary of State Mike Pompeo and former Attorney General William Barr both said in December they believed the cybercampaign was likely carried out by Russia.
Biden said in May that the ransomware attack on the Colonial Pipeline by the DarkSide gang wasn’t directed by the Kremlin but said the U.S. had "strong reason" to believe the criminals "are living in Russia." The White House says it has been in "direct communication" with Moscow, though, calling on Vladimir Putin's government to take action against the ransomware attackers.
Ben Read, the director of analysis at Mandiant Threat Intelligence, which is part of the FireEye cybersecurity firm, told the Washington Examiner there had been “three stages” of the Microsoft hack, arguing the first stage “was kind of limited use by what Microsoft tracks as Hafnium — we think likely China,” while the second stage was “a more widespread use by additional different Chinese groups.” The third stage was when the vulnerability became “publicly available” and was exploited by a yet-unknown number of other hacker groups.
“With sort of the initial Hafnium stuff, I have no reason to doubt Microsoft, they’re very good at what they do, their security team, and there’s so much of it, and we’re aware that it was likely used by other actors as well, especially when the proof of concept go out there, so it’s not sort of a singular event that I can easily talk about as sort of one event, but in general, yes, the initial use and since follow-up stuff we saw we think is likely China,” Read said. “The exploit was used, we believe, by multiple groups, so our analytic line is we have probably moderate confidence that at least some of the exploitation is linked to previously tracked groups we attribute to China.”
When describing how FireEye attributes hacks to China, he said: “With these specific groups, they are groups we believe, at the very least, act in support of, sort of, PRC goals … They appear to have significant funding because they’re able to operate for an extended period of time, sort of with a large amount of operations with sophistication — it takes money to do that. And the information they’re stealing is not easily monetizable, and in some cases, you have further forensic or pattern of life or other reasons, the belief that they’re located in China, or things like that, they speak Chinese … so the specific constellation is different for every group, but that’s kind of the general we have, that middle phase, linked to China.”"
https://www.washingtonexaminer.com/news/microsoft-hit-chinese-hackers-biden-admin-wont-point-finger?
