In an indictment and sanctions announcement, the US claims the individuals were a front for Beijing
The US and UK have accused hackers backed by China’s government spy agency of conducting a years-long cyber-attack campaign targeting politicians, journalists, and businesses.
The operation allegedly involved sophisticated phishing campaigns targeting political dissidents and China’s critics, resulting in compromised email systems and networks, according to the US.
The US government announced sanctions on Monday against hackers it claims were responsible for the scheme. The UK has imposed sanctions on two individuals and a front company linked to the cyber-espionage group APT 31, associated with the Chinese Ministry of State Security.
The New Zealand government announced on Tuesday that it had raised concerns with the Chinese government regarding its involvement in an attack targeting the country’s parliamentary entities in 2021.
The US Treasury’s Office of Foreign Assets Control has sanctioned Wuhan Xiaoruizhi Science and Technology Company Ltd, which it identifies as a front for the Chinese Ministry of State Security, alleging that it “served as cover for multiple malicious cyberoperations.”
In press releases and an unsealed indictment, the US government accused China of conducting an extensive and intrusive state-backed hacking program dating back over a decade. Merrick Garland, the US Attorney General, described the hacking operation as evidence of “the lengths to which the Chinese government is willing to go to target and intimidate its critics.”
The Treasury office identified two Chinese nationals associated with the Wuhan company, Zhao Guangzong and Ni Gaobin, for cyber operations targeting critical infrastructure sectors in the US, including defense, aerospace, and energy. It also classified these threats as part of the hacking group APT 31, which includes state-sponsored contract hackers and intelligence officers. APT stands for “advanced persistent threat”.
“APT 31 has aimed at a broad array of high-ranking US government officials and their advisors, who are critical to US national security,” the department stated in a press release.
The US Department of Justice has charged Zhao, Ni, and five other hackers with conspiracy to commit computer intrusions and wire fraud. The agency stated that they were part of a 14-year-long cyber operation “targeting US and foreign critics, businesses, and political officials.”
“Today’s announcements highlight the importance of remaining vigilant against cybersecurity threats and potential cyber-enabled foreign malign influence efforts, particularly as we approach the 2024 election cycle,” said Matthew G. Olsen, the Assistant Attorney General.
The hacking campaign involved sending over 10,000 malicious emails containing hidden tracking links that allowed APT 31 to access information about their targets, including locations and IP addresses. According to the Justice Department, the emails targeted government officials worldwide critical of China’s policies, including White House staff and election campaign workers from both major parties.
British authorities have also imposed sanctions
UK officials stated that those sanctioned by the country are responsible for a hack that potentially accessed information on tens of millions of UK voters held by the Electoral Commission. They are also accused of cyber-espionage targeting lawmakers who have voiced concerns about threats from China.
The Foreign Office clarified that the hack of the election registers “has not affected electoral processes, individuals’ rights, or access to the democratic process, nor has it impacted electoral registration.”
The Electoral Commission reported in August that it detected a breach of its system in October 2022, noting that “hostile actors” had first accessed its servers in 2021. At that time, the watchdog revealed that the breached data included names and addresses of registered voters, although much of this information was already publicly available.
While British authorities did not disclose the company or individuals involved, they confirmed that the sanctioned individuals were linked to the operations of the Chinese cyber group APT 31, also known as Zirconium or Hurricane Panda.
APT 31 has been previously implicated in targeting US presidential campaigns and the information systems of Finland’s parliament, among other entities.
British cybersecurity officials stated that Chinese government-affiliated hackers engaged in “reconnaissance activity” against British parliamentarians critical of Beijing in 2021. They confirmed that no parliamentary accounts were successfully compromised.
Three lawmakers, including former Conservative party leader Iain Duncan Smith, informed reporters on Monday that they have faced “harassment, impersonation, and attempted hacking from China for some time.” Duncan Smith cited an instance where hackers impersonating him used fake email addresses to contact his associates.
The politicians belong to the Inter-Parliamentary Alliance on China, an international group that aims to counter Beijing’s increasing influence and highlight alleged human rights violations by the Chinese government.
Oliver Dowden, Britain’s Deputy Prime Minister, stated that the government will call China’s ambassador to explain its actions.
China’s foreign ministry stated before the announcement that countries should substantiate their claims with evidence instead of making unfounded accusations.
Lin Jian, a spokesperson for the ministry, emphasized, “Cybersecurity issues should not be politicized.” He added, “We hope all parties will refrain from spreading misinformation, adopt a responsible approach, and collaborate to uphold peace and security in cyberspace.”
British Prime Minister Rishi Sunak reiterated concerns about China’s increasingly assertive behavior abroad, labeling it as “the greatest state-based threat to our economic security.” He stated, “It is necessary for us to take measures to protect ourselves, which is precisely what we are doing,” without providing specific details.
Critics of China, including Duncan Smith, have consistently urged Sunak to adopt a firmer stance on China and classify the country as a threat rather than a “challenge” to the UK. However, the government has refrained from using such critical language.