American and British officials on Monday announced criminal charges and punitive sanctions against a Chinese state-sponsored hacking group accused of victimizing millions of people in both countries over the past 14 years.
Prosecutors in the Eastern District of New York named the defendants as Ni Gaobin, Weng Ming, Cheng Fent, Peng Yaowen, Sun Xiaohui, Xiong Wang, and Zhao Guangzong. All are Chinese nationals working for China’s Ministry of State Security (MSS) as part of a cyber threat group dubbed APT31, also known by the alias Zirconium.
APT31 became active sometime around 2010, engaging in a wide range of illegal activity, usually linked to geopolitical events of interest to the Chinese government. For example, APT31’s malicious activity surged during the 2019 Hong Kong pro-democracy protests.
To date, the group has pumped out more than 10,000 malicious emails, targeting victims on several continents. Targets included government officials and their staffers, defense contractors, reporters, academics, and Chinese political dissidents.
Many of the virus-infested emails sent to Western politicians by the Chinese hackers were made to resemble legitimate messages from journalists. The U.S. indictment said APT31 gained illicit access to the records of millions of Americans by compromising thousands of government and corporate email and storage accounts.
The U.S. Treasury Department on Monday sanctioned Wuhan Xiaoruizhi Science and Technology Co., Ltd. (Wuhan XRZ), a front company operated by the MSS to cover the activities of the APT31 hackers.
“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” Attorney General Merrick Garland said on Monday.
“These allegations pull back the curtain on China’s vast illegal hacking operation that targeted sensitive data from U.S. elected and government officials, journalists and academics; valuable information from American companies; and political dissidents in America and abroad. Their sinister scheme victimized thousands of people and entities across the world, and lasted for well over a decade,” said U.S. Attorney for the Eastern District of New York Breon Peace.
“These defendants were part of a Chinese government sponsored hacking group, targeting U.S. businesses and U.S. political officials for intrusion for over a decade as part of a larger, malicious global campaign. These charges are yet another example of hostile actions taken by the PRC to attack not only American businesses and infrastructure, but the security of our nation,” said FBI Assistant Director-in-Charge James Smith of the New York field office.
In the United Kingdom, APT31 perpetrated a major cyberattack that stole the voter registration data of tens of millions of British citizens and attempted to hack the email accounts of members of Parliament. The hackers do not appear to have taken any action with the stolen voter registration data, raising suspicions that the hack was just a dry run, testing the defenses of Britain’s election system.
“This is the latest in a clear pattern of hostile activity originating in China. Part of our defense is calling out this behavior,” Deputy Prime Minister Oliver Dowden said on Monday.
The leftist New York Times (NYT) contrasted the aggressive and unified response by U.S. and British officials on Monday to the Obama administration’s extreme reluctance to name China as the culprit behind the Office of Personnel Management (OPM) hack in 2015, also known as “Cyber Pearl Harbor” – arguably the most damaging data breach in the brief history of the Internet.
“But now the United States is increasingly public about the dangers. Cabinet secretaries and intelligence chiefs have begun to testify in public before Congress about an operation called Volt Typhoon, a threat that has preoccupied President Biden and his staff for more than a year, as they have sought to clean Chinese code out of critical systems,” the NYT noted. Volt Typhoon is also believed to be the work of APT31.
China lashed out at both the U.S. and British governments on Tuesday, angrily denying the APT31 indictments as “fake news” and “political manipulation.”
“We urge the U.S. and UK to stop politicizing cyber security issues. Stop smearing China and stop imposing unilateral sanctions on China. Stop their cyber attack against China,” railed Chinese Foreign Ministry spokesman Lin Jian on Tuesday.
“The Chinese side has already made technical clarifications and response to the APT 31-related Information submitted by the UK side, which made clear that the evidence provided by the UK was inadequate,” Lin insisted.