The United States announced sanctions on Monday (March 25) against a Chinese company and two Chinese individuals associated with the company, accusing them of being hackers supported by the Chinese government and carrying out multiple malicious cyber operations against critical U.S. infrastructure. At the same time, the United States also indicted seven Chinese hackers, including the two Chinese nationals, accusing them of participating in global cyber attacks targeting political dissidents, American politicians and businesses.
The U.S. Treasury Department said in a statement that the Chinese company sanctioned is called Wuhan Xiaorui Intelligent Technology Co., Ltd., which is a front company of the Ministry of State Security of China. The two individuals sanctioned are Zhao Guangzong and Ni Gaobin. The sanctions are part of a joint effort with the U.S. Department of Justice, FBI, U.S. State Department and the British government.
The Treasury Department said malicious cyber actors backed by the Chinese government remain one of the largest and most persistent threats to U.S. national security. The cybersecurity industry refers to these entities as APT31. APT is the English abbreviation of “Advanced Persistent Threat”.
According to the Treasury Department, APT31 is composed of a group of Chinese intelligence officers working for the Hubei Provincial State Security Department under the Ministry of State Security of China. They conduct cyber espionage activities on behalf of the country; in 2010, they established Wuhan Xiaoruizhi Technology Co., Ltd. as a front company for conducting these cyber espionage operations.
The U.S. Treasury Department said in a statement that APT31 targets senior U.S. officials and their advisers, including the White House, Department of Justice, Department of Commerce, Treasury, State Department, and members of Congress.
The Treasury Department noted that the activities of Wuhan Xiaoruizhi Technology Co., Ltd. resulted in the surveillance of U.S. and foreign politicians, foreign policy experts, academics, journalists, pro-democracy activists and others, and said that company employees targeted Dirk in 2018. A Saskatchewan energy company carried out a cyber attack.
The Treasury Department said Zhao was behind a 2020 phishing campaign targeting the U.S. Naval Academy and the U.S. Naval War College’s China Maritime Institute, as well as multiple phishing campaigns targeting members of the Hong Kong Legislative Council and pro-democracy activists. Ni Gaobin assisted Zhao Guangzong in carrying out many cyber attacks.
“The United States is focused on deterring the dangerous and irresponsible behavior of malicious cyber actors and protecting our citizens and our critical infrastructure.”
“Through our whole-of-government approach and in close coordination with our UK partners, the Treasury will continue to use our tools to expose these networks and protect against these threats,” he said.
At the same time, the U.S. Department of Justice issued a statement announcing the indictment of seven hackers associated with the Chinese government, including Zhao Guangzong and Ni Gaobin, accusing them of conspiring to commit computer intrusion and wire fraud.
In addition to 38-year-old Ni Gaobin and 38-year-old Zhao Guangzong, the defendants include 37-year-old Weng Ming, 34-year-old Cheng Feng, 38-year-old Peng Yaowen, 38-year-old Sun Xiaohui and 35-year-old Xiong Wang. They are all believed to reside in the People’s Republic of China, the Justice Department said.
The Department of Justice statement said that the targets of these Chinese hackers include U.S. government officials, politicians and campaign teams in the U.S. and other countries, companies in the U.S. defense, information technology, telecommunications, manufacturing, consulting, legal and research fields, and dissidents around the world who criticize Beijing.
“Today’s announcement exposes China’s continued and flagrant efforts to undermine our nation’s cybersecurity and target Americans and our innovation,” FBI Director Christopher Wray said in a statement.
On the same day, the United Kingdom also accused China of being behind a series of cyber attacks against British politicians and announced sanctions on Wuhan Xiaorui Intelligent Technology Co., Ltd., as well as Zhao Guangzong and Ni Gaobin.
Officials said the sanctioned individuals were responsible for a hacking operation that gained access to information on tens of millions of voters held by the U.K. Electoral Commission, as well as cyber espionage operations that targeted a congressman who has been outspoken about the threat from China.
Chinese Foreign Ministry spokesman Lin Jian was asked at a regular news conference in Beijing on Monday about Britain’s preparations to sanction Chinese hackers who carried out cyber attacks on the British Electoral Commission and MPs. Lin Jian replied: “Cyber security is a global challenge. China is one of the main victims of cyber attacks. It has always resolutely stopped and severely cracked down on all types of malicious cyber activities in accordance with the law, and advocates that all countries respond together through dialogue and cooperation. The issue of traceability of cyber attacks is highly complex and sensitive. When investigating and characterizing cyber incidents, there should be sufficient objective evidence, rather than smearing other countries without factual basis, let alone politicizing cyber security issues.”
He continued: “We hope that all parties will stop spreading false information, adopt a responsible attitude, and jointly maintain peace and security in cyberspace. China has always opposed illegal unilateral sanctions and will resolutely safeguard its legitimate rights and interests.”
On the other hand, New Zealand on Tuesday (March 26) accused “state-backed” Chinese hackers of launching a “malicious” cyber attack in 2021 that penetrated sensitive government computer systems.
New Zealand’s counterintelligence agency said a state-backed group known as “APT40” compromised computers linked to its parliamentary network.