Hackers backed by China’s spy agency have been accused by the US and Britain of waging a years-long cyberattack campaign targeting politicians, journalists and companies.
According to the US, political dissidents and critics of China were targeted in sophisticated phishing campaigns during the operation, leading to some email systems and networks being compromised.
The US government on Monday announced sanctions against hackers it says are responsible for carrying out the plan. Two individuals and a front company linked to the cyber espionage group APT 31, which has ties to China’s ministry of state security, have been hit with sanctions by Britain.
On Tuesday, the New Zealand government said it had also raised concerns with the Chinese government over its involvement in an attack targeting the country’s parliamentary entities in 2021.
The US Department of Foreign Assets Control said it has sanctioned Wuhan Xiaoruizhi Science and Technology Company Ltd, which it calls a front for China’s Ministry of State Security that “has served as a front for multiple malicious cyber operations.”
In press releases and an unsealed indictment, the U.S. government accused China of carrying out an extensive and invasive state-sponsored hacking program dating back more than a decade. Merrick Garland, the US attorney general, called the hacking operation evidence of “the ends to which the Chinese government is willing to target and intimidate its critics.”
The Treasury Department named two Chinese nationals, Zhao Guangzong and Ni Gaobin, linked to the Wuhan company, for cyber operations targeting U.S. critical infrastructure sectors, including defense, space and energy. It also listed these threats as part of the hacking group APT 31. APT stands for “advanced persistent threat,” and the group includes state-sponsored contract hackers and intelligence officials.
“APT 31 has targeted a broad range of senior U.S. government officials and their advisors who are integral to U.S. national security,” the department said in a news release.
The US Department of Justice has charged Zhao, Ni and five other hackers with conspiracy to commit computer intrusions and wire fraud. The agency said they were part of a 14-year cyber operation “targeting U.S. and foreign critics, corporations and political officials.”
“Today’s announcements underscore the need to remain vigilant against cybersecurity threats and the potential for cyber-enabled foreign malign influence efforts, especially as we approach the 2024 election cycle,” said Matthew G. Olsen, the assistant attorney general.
The hacking campaign involved sending more than 10,000 malicious emails, which contained hidden tracking links that allowed APT 31 to access information about their targets, including locations and IP addresses. The emails were addressed to government officials around the world who were critical of Chinese policies, including White House officials and election campaign workers from both major parties, the Justice Department said.
British authorities are also adding sanctions
British officials said those sanctioned by the country are responsible for a hack that may have accessed information on tens of millions of British voters held by the Electoral Commission, as well as cyber espionage targeting lawmakers who have been outspoken about threats from China.
The State Department said the hack of the election registers “has not had an impact on electoral processes, nor has it affected the rights or access to the democratic process of any individual, nor has it affected electoral registration.”
The Electoral Commission said in August that it had identified a breach of its system in October 2022, although it added that “hostile actors” had first gained access to its servers in 2021.
At the time, the watchdog said the data included the names and addresses of registered voters. But it said much of the information was already in the public domain.
British authorities have not named the company or the two individuals. But they said the two sanctioned individuals were involved in the operations of Chinese cyber group APT 31. The group is also known as Zirconium or Hurricane Panda.
APT 31 was previously accused of attacking US presidential campaigns and the information systems of the Finnish parliament, among other things.
British cybersecurity officials said Chinese government-linked hackers “conducted reconnaissance activities” against British parliamentarians critical of Beijing in 2021. They said no parliamentary accounts had been successfully compromised.
Three lawmakers, including former Conservative Party leader Iain Duncan Smith, told reporters on Monday that they “have been subjected to harassment, impersonation and hacking attempts from China for some time.” In one example, Duncan Smith said hackers posing as him used fake email addresses to write to his contacts.
The politicians are members of the Inter-Parliamentary Alliance on China, an international pressure group aimed at countering Beijing’s growing influence and exposing alleged rights abuses by the Chinese government.
Oliver Dowden, Britain’s deputy prime minister, said his government will call on the Chinese ambassador to answer for his actions.
China’s Foreign Ministry said ahead of the announcement that countries should base their claims on evidence rather than “smearing” others without a factual basis.
“Cyber security issues should not be politicized,” ministry spokesman Lin Jian said. “We hope that all parties will stop spreading false information, adopt a responsible attitude and work together to maintain peace and security in cyberspace.”
Rishi Sunak, the British Prime Minister, reiterated that China is “behaving increasingly assertively abroad” and poses “the biggest state-based threat to our economic security.”
“It is right that we take measures to protect ourselves, and that is what we are doing,” he said, without giving details.
Critics of China, including Duncan Smith, have long called on Sunak to take a tougher stance on China and label the country as a threat, rather than a “challenge,” to Britain, but the government has refrained from using such critical language.