Canada Targeted by Same Group of Chinese Hackers Behind Global Cyberespionage

Five Eyes allies condemned the group of Beijing-backed hackers.
Canada Targeted by Same Group of Chinese Hackers Behind Global Cyberespionage
A sign for the Communications Security Establishment outside the agency’s headquarters in the east end of Ottawa. The Canadian Press/Sean Kilpatrick
Andrew Chen
Updated:

Canada was targeted by the same group of Chinese hackers currently facing widespread condemnation for cyberespionage against the United States and the United Kingdom, reported Canada’s electronic intelligence agency.

On March 25, the United States sanctioned the group known as Advanced Persistent Threat 31, or APT31, identified by the U.S. Justice Department as part of a Chinese Ministry of State Security cyberespionage program. The U.S. department has charged seven individuals associated with the group, which has allegedly spent approximately 14 years targeting both U.S. and foreign critics, businesses, and political officials.

Canada’s Communications Security Establishment (CSE) confirmed that this Chinese group has also targeted Canada.

“The Cyber Centre generally does not comment on specific cyber security incidents, however, we can confirm that we have seen malicious activity by this same threat actor targeting Canada,” CSE spokesperson Nayeli Sosa said in a statement to CBC News.

The Epoch Times reached out to the CSE for comment on the timeline of the group’s cyberattacks on Canada but did not receive a response by publication time.

Public Safety Minister Dominic LeBlanc said on March 26 that Canada is “aware of the threat of cyberattacks” when asked about the recent incidents directed at the allied countries.

“China is a country that perpetrates this type of activity. But it not alone,” he said during a press conference held in Halifax.

The minister said that cyber threats were discussed during his virtual meeting a day earlier with senior national security officials from the Five Eyes alliance. Participants in the meeting included the U.S. secretary for homeland security and the British home secretary, he said. The Five Eyes is an intelligence-sharing network comprising Canada, the United States, the United Kingdom, Australia, and New Zealand.

Mr. LeBlanc added that “no country is immune from the threat of cyberattacks.”

“We really took stock during the conversation—these threats do exist,” he said  “We continue to work as a group of Five Eyes countries in terms of building up the resilience for critical infrastructure,” he said.

Sanctions

The FBI is offering a reward of up to $10 million for information about the seven Chinese hackers charged by the Justice Department.

The individuals include Ni Gaobin, 38; Weng Ming, 37; Cheng Feng, 34; Peng Yaowen, 38; Sun Xiaohui, 38; Xiong Wang, 35; and Zhao Guangzong, 38. All are believed to reside in the People’s Republic of China.

U.S. Deputy Attorney General Lisa Monaco said in a press release that Beijing’s global hacking operation aims to “repress critics of the Chinese regime.” She added that the accused individuals were responsible for “over 10,000 malicious emails, impacting thousands of victims, across multiple continents.”
In a March 25 press release, the UK also said that its Electoral Commission was compromised by a Chinese state-back entity between 2021 and 2022. It also alleged that APT31 conducted espionage activity against UK parliamentarians during a separate campaign in 2021.

The UK announced sanctions on Mr. Zhao, Mr. Ni, and a front company allegedly associated with APT31. The company, Wuhan Xiaoruizhi Science and Technology Company Limited, is also alleged to have ties with the Chinese Ministry of State Security.

Australia and New Zealand have also joined in the criticism.

Australian Foreign Affairs Minister Penny Wong and Minister for Cyber Security Clare O’Neil issued a joint statement on March 26, expressing “serious concerns about malicious cyber activities by China state-backed actors” directed at the UK democratic institutions and parliamentarians.
On March 26, the New Zealand government said that its National Cyber Security Centre has attributed a 2021 compromise of the country’s Parliamentary Counsel Office and the Parliamentary Service to another Chinese hacker group identified as APT40.
Subsequently, Foreign Minister Winston Peters said New Zealand has conveyed its concerns about cyber threats to Beijing.
“Foreign interference of this nature is unacceptable, and we have urged China to refrain from such activity in future. New Zealand will continue to speak out–consistently and predictably–where we see concerning behaviours like this,” Mr. Peters said in a press release.
Reuters contributed to this report.