Statement by North Atlantic Council in solidarity with those affected by recent malicious cyber activities including Microsoft

NATO

1. We observe with increasing concern that cyber threats to the security of the Alliance are complex, destructive, coercive, and becoming ever more frequent. This has been recently illustrated by ransomware incidents and other malicious cyber activity, targeting our critical infrastructure and democratic institutions, as well as exploiting weaknesses in hardware and software supply chains.

2. We condemn such malicious cyber activities which are designed to destabilize and harm Euro-Atlantic security and disrupt the daily lives of our citizens. We use NATO as a platform for political consultations, to share concerns about malicious cyber activities, to exchange national approaches and responses, as well as to consider possible collective responses. Reaffirming NATO’s defensive mandate, the Alliance is determined to employ the full range of capabilities, as applicable, at all times to actively deter, defend against, and counter the full spectrum of cyber threats, in accordance with international law. NATO will continue to adapt to the evolving cyber threat landscape, which is affected by both state and non-state actors, including state-sponsored. We remain committed to uphold strong national cyber defences, including through full implementation of NATO’s Cyber Defence Pledge.

3. We stand in solidarity with all those who have been affected by recent malicious cyber activities including the Microsoft Exchange Server compromise. Such malicious cyber activities undermine security, confidence and stability in cyberspace. We acknowledge national statements by Allies, such as Canada, the United Kingdom, and the United States, attributing responsibility for the Microsoft Exchange Server compromise to the People’s Republic of China. In line with our recent Brussels Summit Communiqué, we call on all States, including China, to uphold their international commitments and obligations and to act responsibly in the international system, including in cyberspace. We also reiterate our willingness to maintain a constructive dialogue with China based on our interests, on areas of relevance to the Alliance such as cyber threats, and on common challenges.

4. We promote a free, open, peaceful and secure cyberspace, and pursue efforts to enhance stability and reduce the risk of conflict by promoting respect for international law and the voluntary norms of responsible state behaviour in cyberspace, as recognized by all member states of the United Nations. We are working together as an Alliance and with like-minded partners to address these challenges. All States have an important role to play in promoting and upholding these voluntary norms of responsible state behaviour.

Public Release. More on this here.