The Treasury Department announced on Monday that it has sanctioned China-based hackers for allegedly targeting critical infrastructure in the United States.
The United States, in collaboration with the United Kingdom, has imposed sanctions on certain individuals associated with Wuhan Xiaoruizhi Science and Technology Company Ltd. (Wuhan XRZ), a Ministry of State Security (MSS) front company based in Wuhan, China. The Treasury Department claims that this company has been involved in numerous cyber operations with malicious intent.
The Treasury Department has identified Wuhan XRZ and its contractors as the culprits behind several highly malicious cyber operations. One notable attack involved a spear phishing operation in 2020 that targeted the U.S. Naval Academy and the U.S. Naval War College’s China Maritime Studies Institute.
National security leaders have consistently raised concerns about cyber operations being conducted by Chinese state-affiliated actors within the United States.
The Justice Department has filed charges against Zhao Guangzong, Ni Gaobin, and five others for their alleged involvement in Wuhan XRZ. These individuals have been indicted in addition to facing sanctions.
“The Chinese government’s attempts to intimidate American public servants, silence dissidents protected by American laws, and steal from American businesses will not be tolerated by the Justice Department,” stated Attorney General Merrick Garland. He emphasized the significance of this case, which serves as a reminder of the lengths to which the Chinese government is willing to go in order to target and intimidate its critics. This includes launching malicious cyber operations that pose a threat to the national security of the United States and its allies.”
According to the Treasury Department, Ni Gaobi (38), Weng Ming (37), Cheng Feng (34), Peng Yaowen (38), Sun Xiaohui (38), Xiong Wang (35), and Zhao Guangzong (38) are accused of targeting U.S. government officials, including those in the White House and various departments such as Justice, Commerce, Treasury, and State. They also allegedly targeted senators and representatives from both political parties. This was done on behalf of the shell company Wuhan XRZ.
According to an unsealed indictment in New York, they are accused of targeting U.S. critical infrastructure during periods of perceived anti-China policies and heightened tensions between the U.S. and China.
The indictment states that these computer network intrusion activities have led to the compromise of both work and personal email accounts, cloud storage accounts, and telephone call records of millions of Americans. Furthermore, it is believed that some of the information obtained could be used to support malicious influence targeting democratic processes and institutions, as well as gain access to economic plans, intellectual property, and trade secrets of American businesses. The activities conducted by the People’s Republic of China’s state-sponsored apparatus to transfer U.S. technology have contributed to the estimated billions of dollars lost annually.
According to the Justice Department, the group, also known as APT 31, has been operating since 2010 and continued until this year.
According to court documents, the hackers targeted politicians and prominent U.S. officials by pretending to be journalists. They would install a “tracking link” on an email, posing as the work of the journalist they were impersonating.
According to the court document, when the recipient opened the email and clicked on the tracking link, the Conspirators were able to gather information about the recipient, such as their location, IP addresses, network details, and specific devices used to access their email accounts. This method allowed the Conspirators to target recipients’ home routers and other electronic devices, including those belonging to high-ranking U.S. government officials, politicians, and election campaign staff from both major U.S. political parties.
According to court documents, in 2020, the group allegedly targeted a presidential campaign and in 2022, they sent emails to officials in the Senate, State Department, and Commerce Department.
Just before her visit to China last year, Commerce Secretary Gina Raimondo became the target of email hacking.
According to the Justice Department, the group is accused of hacking into economic and defense companies using sophisticated methods. Additionally, court documents suggest that they also carried out cyberattacks during periods of tension between the U.S. and China.
According to court documents, the Conspirators have been involved in computer network intrusion activity since at least 2017. They have done so in response to various geopolitical events that have impacted the People’s Republic of China (PRC), including economic tensions between the U.S. and the PRC, the Hong Kong democracy movement, and a statement made by the U.S. government regarding the PRC’s maritime claims in the South China Sea.
The hackers reportedly focused on the Norwegian government following the awarding of the Nobel Peace Prize to activists involved in the Hong Kong democracy movement. Additionally, the group allegedly targeted the U.S. Naval Academy and the U.S. Naval War College’s China Maritime Studies Institute after a high-ranking State Department official deemed China’s actions in the South China Sea in 2020 as “completely unlawful,” as stated in court documents.