US, UK officials say China cyberespionage campaign hit millions


US and British officials on Monday filed charges, imposed sanctions, and accused Beijing of a sweeping cyberespionage campaign that allegedly hit millions of people including lawmakers, academics and journalists, and companies including defense contractors.

Authorities on both sides of the Atlantic nicknamed the hacking group Advanced Persistent Threat 31 or "APT31," calling it an arm of China's Ministry of State Security.

Officials reeled off a laundry list of targets: White House staffers, US senators, British parliamentarians, and government officials across the world who criticized of Beijing. Apparently the state-sponsored group had been working the spy campaign for at least 14 years.

ADVERTISEMENT

Few other victims were identified by name, but American officials said that the hackers' decade-plus spying spree compromised defense contractors, dissidents and a variety of US companies, including American steel, energy, and apparel firms.

Among the targets were leading providers of 5G mobile telephone equipment and wireless technology. Even the spouses of senior US officials and lawmakers were targeted, the officials said.

The aim of the global hacking operation was to "repress critics of the Chinese regime, compromise government institutions, and steal trade secrets," Deputy US Attorney General Lisa Monaco said in a statement.

In an indictment unsealed on Monday against seven of the alleged Chinese hackers, US prosecutors in court said the hacking resulted in the confirmed or potential compromise of work accounts, personal emails, online storage, and telephone call records belonging to millions of Americans. All seven are believed to still be living in China.

“Over 10,000 malicious emails, impacting thousands of victims, across multiple continents. As alleged in today’s indictment, this prolific global hacking operation – backed by the PRC government – targeted journalists, political officials, and companies to repress critics of the Chinese regime, compromise government institutions, and steal trade secrets,” said Monaco.

The campaign

The malicious emails would often appear to be from prominent news outlets or journalists and appeared to contain links to legitimate news articles,” according to the Chicago FBI, who were tasked with uncovering the complex web.

ADVERTISEMENT

Just like any deceptive phishing campaign, when the email recipient would open the link, certain data would be transmitted without the user's knowledge back to a command and control server (C&C) rur by APT31. Tracking data included information about the recipient’s location, internet protocol (IP) addresses, network schematics, and the specific devices used to access the user's email account.

Preliminary information collected by the phish would allow the group to escalate to more “direct and sophisticated targeted hacking,” such as going after the victim's electronic devices, and in some cases even their home's router systems.

APT31 and its affiliates would also target its victims with zero-day exploits which were said to have resulted in the “confirmed" exposure of “economic plans, intellectual property, and trade secrets belonging to American businesses,” that potentially had been transferred back to the PRC.

The damage caused by the group and its exfiltration of massive amounts of stolen information is estimated to have cost billions of dollars each year the campaign was running.

Officials in London accused APT31 of hacking British lawmakers critical of China and said that a second group of Chinese spies was behind the hack of Britain's electoral watchdog that separately compromised the data of millions more people in the United Kingdom.

Chinese diplomats in Britain and the US dismissed the allegations as unwarranted. The Chinese Embassy in London called the charges "completely fabricated and malicious slanders."

Reuters was not immediately able to locate contact information for the seven alleged hackers being charged by the Department of Justice.

The fallout

The announcements were made as both Britain and the US imposed sanctions on a firm they said was a Ministry of State Security front company tied to the hacking activity.

The US Treasury Department in a statement said the sanctions were on Wuhan Xiaoruizhi Science and Technology, as well as on two Chinese nationals.

ADVERTISEMENT

"Today's announcement exposes China's continuous and brash efforts to undermine our nation's cybersecurity and target Americans and our innovation," FBI Director Christopher Wray said in a statement.

Tensions over issues relating to cyberespionage have been rising between Beijing and Washington, as Western intelligence agencies have increasingly sounded the alarm on alleged Chinese state-backed hacking activity.

China has also begun in recent years to call out alleged Western hacking operations. For example, last year, the Ministry of State of Security claimed that the US National Security Agency had repeatedly penetrated Chinese telecommunication giant Huawei Technologies.

US prosecutors listed numerous unnamed victims around the globe who had been targeted, but several stand out in the indictment.

In 2020, the Chinese hackers targeted staffers working for a US presidential campaign, prosecutors wrote. The disclosure matches public reporting at the time by Google that Chinese hackers sent malicious emails to the campaign of current President Joe Biden, but no compromise had been detected.

Another alleged mission involved the hacking of an American firm known for public opinion research in 2018, the same year of a US midterm election.

"Politicians, parties, and elections organizations are rich sources of intelligence that offer collectors everything from rare geopolitical insights to enormous troves of data, said John Hultquist, chief analyst for US cybersecurity intelligence firm Mandiant, a division of Google owner Alphabet.

"As we've seen in previous election cycles, actors like APT31 turn to political organizations to find the geopolitical intelligence that they're tasked with collecting," Hultquist said.

ADVERTISEMENT

ADVERTISEMENT

Leave a Reply

Your email address will not be published. Required fields are markedmarked