Once again, China faces intense global scrutiny. Recent changes in its tech policy, such as the decision to phase out AMD and Intel microprocessors in governmental applications, have drawn attention. Serious allegations have been made by the U.S. and the U.K., accusing Beijing of orchestrating a large-scale cyberespionage campaign. This campaign reportedly impacted millions, including lawmakers, academics, journalists, and companies, particularly in the defense sector.
- The United States and Britain have filed charges and imposed sanctions on a company and individuals linked to a Chinese state-backed hacking group called APT31. They allege that this group was involved in a broad cyber espionage campaign.
- This group allegedly operated under the direction of China's Ministry of State Security and conducted a cyber espionage campaign for over a decade, targeting millions of individuals, primarily in the U.S. and Britain. The targets included officials, lawmakers, activists, academics, journalists, and companies, ranging from defence contractors to U.S. smartphone makers.
- Foreign Ministry spokesman Lin Jian called on the U.S. and British governments to cease politicizing cybersecurity matters, refrain from defaming China, imposing one-sided sanctions, and engaging in cyber-attacks against China.
- APT31, or Advanced Persistent Threat Group 31, is a Chinese state-sponsored cyber espionage group composed of intelligence officers, contract hackers, and support personnel. They are known for hacking and malicious cyber operations, as described by the U.S. Treasury Department. APTs, or Advanced Persistent Threats, are a broad term referring to cyber actors or groups, frequently sponsored by states, that conduct malicious cyber activities.
- The group, also known as Zirconium, reportedly operated under the guise of a front company named Wuhan Xiaoruizhi Science and Technology Company (Wuhan XRZ) from at least 2010 until January 2024. This information is based on a U.S. indictment filed in New York's Eastern District Court. The group is believed to be associated with China's Ministry of State Security (MSS) in the province of Hubei.
- Additionally, on March 25, the New Zealand government asserted that another state-sponsored Chinese hacking group, APT40, was responsible for a cyberattack on its parliament in 2021.
Accusations Against APT31
- APT31, along with Chinese security authorities, is accused of targeting thousands of U.S. and foreign politicians, foreign policy experts, and other individuals in line with the MSS's objectives of foreign intelligence and economic espionage, as stated by the U.S. Their targets also included individuals in the White House, State Department, and the spouses of officials.
- The hacks were frequently carried out in connection with geopolitical events impacting China, such as economic tensions with the U.S., maritime disputes in the South China Sea, the Hong Kong pro-democracy protests in 2019, and the subsequent crackdown, as stated in the U.S. indictment.
- According to the indictment, the conspiracy encompassed over 10,000 malicious emails distributed across multiple continents, constituting a "prolific global hacking operation" supported by Beijing. The objectives included silencing Beijing critics, infiltrating government institutions, and pilfering trade secrets, as stated by U.S. authorities.
- The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Wuhan XRZ and seven Chinese individuals, including Ni Gaobin and Zhao Guangzong, on March 25.
- The British government similarly imposed sanctions on the Wuhan company and the two individuals, Ni and Zhao. British authorities alleged they were responsible for a 2021 email hack targeting the Inter-Parliamentary Alliance on China (IPAC), a British group linked to an international network of politicians critical of China. Additionally, they were accused of carrying out a cyber-attack on Britain's Electoral Commission from 2021 to 2022.
What Information Do We Have About the Sanctioned Individuals?
- The seven men, aged between 34 and 38, as outlined in the U.S. indictment, are accused of hacking activities to further the objectives of the MSS in foreign intelligence and economic espionage.
- Wuhan XRZ is officially registered as a company specializing in technology development and consulting, according to China's Qichacha company information database. The company has fewer than 50 employees and is located in a technology development zone in the southeastern suburbs of Wuhan.
- The British government stated on its updated sanctions list that the firm and APT31 were "responsible for, engaging in, or providing support for the commission, planning, or preparation of relevant cyber activity on behalf of the Chinese State."
- The current legal owner, listed as Wang Hongye, assumed ownership from a previous owner in late 2023. The firm was established in 2010 with a registered capital of 250,000 yuan.
- U.S. authorities have announced rewards of up to $10 million for information leading to the identification of the hackers.
- Ni, a 38-year-old Chinese citizen who has been sanctioned by both the U.S. and U.K., was specifically highlighted by the U.S. for targeting Hong Kong democracy activists, lawmakers, and members of the Uyghur minority group through spear-phishing campaigns and interference with information systems.
- In recent years, China has intensified its suppression of dissidents in Hong Kong and the northwestern region of Xinjiang, which is home to many Uyghurs.
