US Charges China-Backed Hackers With 14 Years of Cyberattacks

The U.S. Department of Justice (DOJ) has indicted seven Chinese nationals suspected of hacking on behalf of China’s spy agency.

Over 14 years, the defendants’ network allegedly targeted critics of Beijing, politicians, and companies in the U.S. and elsewhere.

The U.S. and other Western governments are increasingly concerned about Chinese state-affiliated espionage in light of recently exposed hacking campaigns believed to be paving the way for cyberattacks against critical infrastructure.

The defendants allegedly belonged to Advanced Persistent Threat 31 (APT31), a hacking ring run by the Chinese Ministry of State Security (MSS), specifically its foreign intelligence arm based in Wuhan, Hubei province.

Since at least 2010, the group has carried out intrusive cyber operations targeting thousands of people and businesses worldwide, according to the indictment. Their alleged victims included political dissidents and their perceived supporters, government officials, political candidates and campaign personnel.

Political targets included British Parliamentarians and members of the Inter-Parliamentary Alliance on China, an international group of legislators focused on Beijing-related human rights, economic and defense-related issues.

The network also pursued foreign companies’ intellectual property and trade secrets that could benefit Chinese companies, adding to the “estimated billions of dollars lost every year as a result of the PRC’s (People’s Republic of China) state-sponsored apparatus to transfer U.S. technology to the PRC.”

During these 14 years, APT31 members sent their victims more than 10,000 emails containing hidden tracking links that sent private information—such as recipients’ internet protocol (IP) addresses, location and information about their digital devices—to a server.

An employee types on a computer keyboard at the headquarters of internet security giant Kaspersky in Moscow. The U.S. Justice Department on March 25 announced it had indicted seven Chinese nationals on charges related to hacking for the Chinese government.

Kirill Kudryavtsev/AFP via Getty Images

The information was then used to facilitate more complex targeted attacks, such as hacking into the targets’ home routers.

The defendants, including Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, Xiong Wang and Zhao Guangzong, are charged with conspiracy to commit computer intrusions and conspiracy to commit wire fraud.

The indictment also named a front company, Wuhan Xiaoruizhi Science and Technology Co. Ltd., which the Hubei State Security Department allegedly created to conduct its hacking activities.

“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” U.S. Attorney General Merrick Garland was quoted as saying in the DOJ statement on the charges.

“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies.”

The Chinese Embassy in Washington, D.C., did not immediately respond to a written request for comment.

Meanwhile, the United Kingdom announced Monday that an entity with connections to the Chinese government had “highly likely compromised” the country’s Electoral Commission between 2021 and 2022.

The statement also accused APT31 of “reconnaissance activity” in 2021 that targeted parliamentarians, most of whom were outspoken critics of Beijing. None of the lawmakers’ accounts had been successfully compromised, however, according to the statement.

The British Foreign, Commonwealth and Development Office has summoned China’s ambassador to the country and slapped sanctions on two of the defendants named in the U.S. indictment—Ni Gaobin and Zhao Guangzong—and on Wuhan Xiaoruizhi Science and Technology Co.

“It is completely unacceptable that China state-affiliated organizations and individuals have targeted our democratic institutions and political processes,” Foreign Secretary David Cameron was quoted as saying. “While these attempts to interfere with U.K. democracy have not been successful, we will remain vigilant and resilient to the threats we face.”