USA TODAY US Edition

Chinese hackers charged in plot targeting US security

Feds say scheme also was aimed at politicians

- Minnah Arshad

Hackers tied to the Chinese government targeted high-ranking U.S. politicians, businesses and critics in a yearslong scheme to attack crucial pieces of America’s infrastructure, federal prosecutors said Monday in an indictment of seven foreign nationals.

White House officials, U.S. senators, defense contractors, journalists and technology companies were among thousands targeted in the cyber operation, the Justice Department said.

The United Kingdom also announced sanctions Monday against a state-sponsored company, which it accused of being involved in an attack on parliamentarians’ emails in 2021.

“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies,” Attorney General Merrick Garland said.

Monday’s announcement comes two months after FBI Director Christopher Wray warned Congress that Chinese hackers were preparing to “wreak havoc” on American infrastructure.

The Treasury Department announced sanctions against Wuhan Xiaoruizhi Science and Technology Co. Ltd., a front company that China’s Hubei State Security Department used as a cover for cyberattacks by a hacking group known as “Advanced Persistent Threat 31,” or APT31, according to federal prosecutors.

“The more than 10,000 malicious emails that the defendants and others in the APT31 Group sent to ... targets often appeared to be from prominent news outlets or journalists and appeared to contain legitimate news articles,” prosecutors said in a statement.

The malicious emails contained hidden tracking links, so if the recipient simply opened the email, information about the person or agency − including location, internet protocol (IP) addresses and network and router information − was transmitted to a server controlled by the hackers, prosecutors said.

Two of the seven people charged in the federal indictment also were sanctioned. Zhao Guangzong and Ni Gaobin were behind high-profile malicious cyberattacks, the Treasury Department said, including the 2020 spear phishing operation against the U.S. Naval Academy and the U.S. Naval War College’s China Maritime Studies Institute.

APT31 also targeted opponents of the Chinese government, the indictment said. In 2019, the hackers allegedly targeted Hong Kong pro-democracy activists in the U.S. and abroad, along with legislators, activists and journalists associated with Hong Kong’s democracy movement.

Chinese Embassy spokesperson Liu Pengyu told USA TODAY that China “firmly opposes and cracks down on all forms of cyberattacks in accordance with law.”

“Without valid evidence, the US jumped to an unwarranted conclusion, made groundless accusations and opposed illegal and unilateral sanctions against China, which is extremely irresponsible. China firmly opposes this and will firmly safeguard its lawful rights and interests,” Pengyu said.

The seven people charged in the indictment, along with dozens of others, were part of APT31 and operated on behalf of China’s Hubei State Security Department, federal prosecutors said. All of the defendants are believed to be living in China, according to the Justice Department.

Since 2010, the cyberattack group tried to compromise email accounts, cloud storage accounts and phone call logs belonging to millions of Americans, the indictment said, including some information that could have targeted “democratic processes and institutions” if released. Surveillance on some compromised email accounts lasted several years, prosecutors said.

Since 2015, APT31 is accused of sending more than 10,000 emails that appeared to be from news outlets or journalists with domains such as @dailytrainnews.com or @nynewsweek.com. Among the recipients were officials at the White House, Departments of Justice, Commerce, Treasury and State, members of Congress from more than 10 states, government contractors and political strategists, the indictment said.

The group targeted a wide breadth of people and companies in its cyberattacks, including campaign staff members for a presidential campaign in 2020, opponents in the U.S. and abroad of the Chinese government, and U.S.-based companies across several industries, including defense, finance, telecommunications, engineering and research, according to court documents.

“These allegations pull back the curtain on China’s vast illegal hacking operation that targeted sensitive data from U.S. elected and government officials, journalists and academics; valuable information from American companies; and political dissidents in America and abroad,” U.S. Attorney Breon Peace said.

