US and UK officials accused Chinese hacking group APT31, an abbreviation for “advanced persistent threat,” of targeting political figures. The US said their aim was to “repress” critics of Beijing.
US and UK officials on Monday accused hackers linked to the Chinese state of being behind “malicious” cyber campaigns.
In London, Deputy Prime Minister Oliver Dowden told MPs that attacks had compromised the electoral commission and UK parliamentary accounts.
“Chinese state affiliated actors were responsible for two malicious cyber campaigns targeting both our democratic institutions and parliamentarians,” he said. Attempts to compromise the email accounts of UK lawmakers were “unsuccessful,” Dowden said.
The British government said in a statement that a part of its GCHQ intelligence agency “assessed that the UK Electoral Commission systems were highly likely compromised by a Chinese state-affiliated entity between 2021 and 2022.”
It also said that its intelligence operatives were “almost certain” that the APT31 group “conducted reconnaissance activity against UK parliamentarians during a separate campaign in 2021.”
Later on Monday, New Zealand’s Security Minister, Judith Collins, said that the country’s parliament was targeted by the group in 2021.
Collins, however, said that New Zealand would not follow the US and UK in sanctioning China as Wellington does not have a law that would allow it to do so.
US charges hackers with computer intrusions targeting ‘perceived critics’ of China
In Washington, the Treasury Department said it sanctioned Wuhan Xiaoruizhi Science and Technology Company Ltd., which it calls a Chinese Ministry of State Security front company that has “served as cover for multiple malicious cyberoperations.”
The Treasury Department named two Chinese nationals, Zhao Guangzong and Ni Gaobin, affiliated with the Wuhan company, for operations that targeted US critical infrastructure sectors including defense, aerospace and energy.
The US Justice Department additionally charged Zhao, Ni and five other hackers with conspiracy to commit computer intrusions and wire fraud. It said they were part of a 14-year-long cyber operation “targeting US and foreign critics, businesses, and political officials.”
The individuals were part of the China-based hacking group “APT31” which allegedly targeted White House staffers, US senators, and government officials who criticized Beijing, US officials said. The group was involved in the operations aimed at British parliamentarians too, UK officials said.
Dowden said the UK had sanctioned two individuals residing within China, as well as an entity affiliated with APT31. Dowden said Monday his government would summon China’s ambassador to account for its actions.
China’s Ministry of Foreign Affairs had said ahead of Monday’s sanctions that countries should base their claims on evidence rather than “smear” others without factual basis.
Aim to ‘repress critics of Chinese regime’
The goal of the hackers was to “repress critics of the Chinese regime, compromise government institutions, and steal trade secrets,” US Deputy Attorney General Lisa Monaco said in a statement.
“Today’s announcements underscore the need to remain vigilant to cybersecurity threats and the potential for cyber-enabled foreign malign influence efforts, especially as we approach the 2024 election cycle,” US Assistant Attorney General Matthew G. Olsen said.
APT31, an abbreviation for “advanced persistent threat,” was in operation for some 14 years, officials said. US prosecutors said the cyber espionage resulted in the confirmed or potential compromise of work accounts and personal emails belonging to millions of Americans.
The Chinese Embassy in Washington did not immediately comment on the allegations, but the Chinese Embassy described the UK’s reasoning for the sanctions as “completely fabricated and malicious slanders.”
China also called New Zealand’s accusation “groundless.”
“We reject outright such groundless and irresponsible accusations,” China’s embassy said in a statement.