US Sanctions Chinese State Actors Over Hacking of Critical Infrastructure

By Eva Fu
March 25, 2024
An unnamed Chinese hacker using his computer at their office in Dongguan in China's southern Guangdong province on Aug. 4, 2020. (Nicolas Asfouri/AFP via Getty Images)

The United States is imposing sanctions against Chinese state actors over an expansive hacking attempt that impacted thousands globally, including high-ranking officials, political candidates, and entities from “some of America’s most vital critical infrastructure sectors,” officials announced on March 25.

Authorities accused APT31—a hacking group they identified as an arm of China’s Ministry of State Security—of waging a nearly 14-year-long hacking operation that has resulted in confirmed and potential compromise of personal and work email accounts, online storage accounts, and telephone call records belonging to millions of Americans, according to a criminal complaint released on Monday.

The group’s list of targets includes senior White House officials; U.S. senators from more than 10 states; officials from the Departments of Justice, Commerce, Treasury, and State; defense contractors; and leading telecom providers, the documents show.

The Justice Department charged seven Chinese nationals from the group over the malicious cyber activities. The male hackers, all between the ages of 34 and 38, are Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, Xiong Wang, and Zhao Guangzong.

Some of the information the hackers seized could inflict harm on democratic institutions, economic plans, and trade secrets while contributing to the billions of dollars lost in the state-sponsored Chinese transfer of U.S. technology, the complaint said.

“Over 10,000 malicious emails, impacting thousands of victims, across multiple continents,” Deputy Attorney General Lisa Monaco said in a statement. “This prolific global hacking operation—backed by the PRC government—targeted journalists, political officials, and companies to repress critics of the Chinese regime, compromise government institutions, and steal trade secrets.” PRC is the acronym for the People’s Republic of China.

The Treasury Department said on Monday it sanctioned the hackers’ affiliated company, Wuhan Xiaoruizhi Science and Technology Company, along with the aforementioned Mr. Ni and Mr. Zhao.

The State Department also offered rewards of up to $10 million for information on the seven individuals and their front firm.

The U.S. actions, announced in conjunction with matching sanctions from the UK, came after the leak of a cache of internal Chinese documents showing a China-based cybersecurity vendor that Beijing hired to infiltrate and undermine the regime’s rivals.

In February, the Cybersecurity and Infrastructure Security Agency warned that Beijing was pre-positioning malware in U.S. systems in preparation for a conflict. The FBI earlier revealed a multiagency operation to dismantle “Volt Typhoon,” a major state-sponsored Chinese hacking group that began targeting sectors of U.S. critical infrastructure.

“The UK does not accept that China’s relationship with the United Kingdom is set on a predetermined course, but this depends on the choices that China makes,” the country’s deputy minister, Oliver Dowden, said on Monday, adding that the Foreign Office will summon the Chinese ambassador to “account for China’s conduct in these incidents.”

(L-R) British Parliamentarians Tim Loughton, Iain Duncan Smith, and Stewart McDonald hold a press conference following allegations that China is responsible for cyberattacks on the UK Electoral Commission, in London, on March 25, 2024. Allegations have been made that China accessed the personal details of 40 million British voters after a cyberattack on the Electoral Commission as well as 43 UK MPs and Peers. (Carl Court/Getty Images)

Malicious Emails

The prosecutors said conspirators sent thousands of malicious emails to targeted officials in the United States and elsewhere, as well as their family members and contacts, including spouses of a high-level Justice Department official, several high-ranking White House officials, and multiple senators.

The email messages purported to be from prominent U.S. journalists, containing excerpts from news articles in the email body, but included an embedded hyperlink that would allow the hackers to gain access to the recipients’ locations, IP addresses, and other details. This has enabled the conspirators to conduct more direct and sophisticated targeting of their home routers and other electronic devices, the court filing said.

The schemers allegedly sent over 10,000 malicious emails to high-ranking U.S. officials and their advisers, including those involved in international policy and foreign trade issues. From May 2020, the group began targeting senior staffers involved in a presidential campaign, according to the complaint. They also sent emails to other political campaign associates around November 2020, including a retired senior U.S. national security official.

Officials worldwide who were critical of the Chinese regime also became their targets. In 2021, APT31 went after 400 members of the Inter-Parliamentary Alliance on China (IPAC), an international group of legislators aimed at countering the threats of the Chinese Communist Party (CCP). APT31 also sent malicious emails to European Union members of IPAC and 43 UK parliamentary accounts, most of whom were part of IPAC or outspoken about the CCP.

The hackers hacked or attempted to hack dozens of entities in sectors of national economic importance, using sophisticated malware to control the victims’ protected computers and steal non-public information.

They were able to compromise the devices of a California network provider, which further spread malware to its customers, including a nuclear power engineering company. They also penetrated the devices of a military flight simulator supplier for the U.S. military, several firms providing defense services, a top U.S. 5G network supplier, a leading global wireless carrier based in Illinois, and a machine learning laboratory in Virginia.

In response to the U.S.-China economic tensions in 2018 over tariffs, the hackers penetrated the network of one of the largest U.S. steel producers to surveil the victim.

The defendants and the APT31 group also aided the CCP’s transnational repression in their efforts to compromise networks of pro-democracy activists and their supporters, including Hong Kong legislators and journalists.

Iain Duncan Smith, the former leader of the UK Conservative Party, said that the hackers had impersonated him and sent emails to politicians around the world suggesting that he had changed his views on China.

“We have been subjected to harassment, impersonation, and attempted hacking from China for some time,” he said at a press conference on Monday.

But the “extremely unwelcome discomfort pales in comparison to Chinese dissidents who risk their lives to oppose the Chinese Communist Party,” he continued. “It’s high time that they received much greater support from their host governments.”

From The Epoch Times
