The United States is imposing sanctions against Chinese state actors over an expansive hacking attempt that impacted thousands globally, including high-ranking officials, political candidates, and entities from “some of America’s most vital critical infrastructure sectors,” officials announced on March 25.
Authorities accused APT31—a hacking group they identified as an arm of China’s Ministry of State Security—of waging a nearly 14-year-long hacking operation that has resulted in the confirmed and potential compromise of personal and work email accounts, online storage accounts, and telephone call records belonging to millions of Americans, according to a criminal complaint released on March 25.
The group’s list of targets includes senior White House officials; U.S. senators from more than 10 states; officials from the departments of Justice, Commerce, Treasury, and State; defense contractors; and leading telecom providers, the documents show.
The Justice Department charged seven Chinese nationals from the group over the malicious cyber activities. The male hackers, all between the ages of 34 and 38, are Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, Xiong Wang, and Zhao Guangzong.
Some of the information that the hackers seized could inflict harm on democratic institutions, economic plans, and trade secrets while contributing to the billions of dollars lost in the state-sponsored Chinese transfer of U.S. technology, according to the complaint.
“Over 10,000 malicious emails, impacting thousands of victims, across multiple continents,” U.S. Deputy Attorney General Lisa Monaco said in a statement. “This prolific global hacking operation—backed by the PRC government—targeted journalists, political officials, and companies to repress critics of the Chinese regime, compromise government institutions, and steal trade secrets.” PRC is the acronym for the People’s Republic of China.
The Treasury Department said on March 25 that it sanctioned the hackers’ affiliated company, Wuhan Xiaoruizhi Science and Technology Company, along with the aforementioned Mr. Ni and Mr. Zhao.
The State Department also offered rewards of up to $10 million for information on the seven individuals and their front firm.
“The UK does not accept that China’s relationship with the United Kingdom is set on a predetermined course, but this depends on the choices that China makes,” the country’s deputy prime minister, Oliver Dowden, said on March 25, adding that the Foreign Office will summon the Chinese ambassador to “account for China’s conduct in these incidents.”
Malicious Emails
The prosecutors said conspirators sent thousands of malicious emails to targeted officials in the United States and elsewhere, as well as to their family members and contacts, including spouses of a high-level Justice Department official, several high-ranking White House officials, and multiple senators.The email messages purported to be from prominent U.S. journalists, containing excerpts from news articles in the email body, but included an embedded hyperlink that would allow the hackers to gain access to the recipients’ locations, IP addresses, and other details. This has enabled the conspirators to conduct more direct and sophisticated targeting of their home routers and other electronic devices, the court filing said.
The schemers allegedly sent more than 10,000 malicious emails to high-ranking U.S. officials and their advisers, including those involved in international policy and foreign trade issues. Starting in May 2020, the group began targeting senior staffers involved in a presidential campaign, according to the complaint. They also sent emails to other political campaign associates, including a retired senior U.S. national security official, in about November 2020.
Officials worldwide who were critical of the Chinese regime also became their targets. In 2021, APT31 went after 400 members of the Inter-Parliamentary Alliance on China (IPAC), an international group of legislators aimed at countering the threats of the Chinese Communist Party (CCP). APT31 also sent malicious emails to European Union members of IPAC and 43 UK parliamentary accounts, most of whom were part of IPAC or outspoken about the CCP.
The hackers hacked or attempted to hack dozens of entities in sectors of national economic importance, using sophisticated malware to control the victims’ protected computers and steal nonpublic information.
They were able to compromise the devices of a California network provider, which further spread malware to its customers, including a nuclear power engineering company. They also penetrated the devices of a military flight simulator supplier for the U.S. military, several firms providing defense services, a top U.S. 5G network supplier, a leading global wireless carrier based in Illinois, and a machine learning laboratory in Virginia.
In response to the U.S.-China economic tensions in 2018 over tariffs, the hackers penetrated the network of one of the largest U.S. steel producers to surveil the victim.
The defendants and the APT31 group also aided the CCP’s transnational repression in their efforts to compromise networks of pro-democracy activists and their supporters, including Hong Kong legislators and journalists.
Member of Parliament Iain Duncan Smith, the former leader of the UK Conservative Party, said the hackers had impersonated him and sent emails to politicians around the world suggesting that he had changed his views on China.
“We have been subjected to harassment, impersonation, and attempted hacking from China for some time,” he said at a news conference on March 25.
But the “extremely unwelcome discomfort pales in comparison to Chinese dissidents who risk their lives to oppose the Chinese Communist Party,” Mr. Smith said. “It’s high time that they received much greater support from their host governments.”