U.S. and British officials on Monday filed charges, imposed sanctions, and called out Beijing over a sweeping cyberespionage campaign that allegedly hit millions of people — including lawmakers, academics, journalists and more.
Authorities on both sides of the Atlantic accused the hacking group nicknamed "APT31" of being an arm of China's Ministry of State Security and reeled off a laundry list of targets: White House staffers, U.S. senators, British parliamentarians, and government officials across the world who criticized of Beijing. Defense contractors, dissidents, security companies were also hit, the officials said.
In an indictment unsealed on Monday against seven of the alleged Chinese hackers involved, U.S. prosecutors in court said the hacking resulted in the confirmed or potential compromise of work accounts, personal emails, online storage and telephone call records belonging to millions of Americans.
The aim of the global hacking operation was to "repress critics of the Chinese regime, compromise government institutions, and steal trade secrets," Deputy Attorney General Lisa Monaco said in a statement.
Chinese diplomats in London and Washington dismissed the allegations as unwarranted and lacking "valid evidence." The Chinese Embassy in London called the charges "completely fabricated and malicious slanders."
Reuters was not immediately able to locate contact information for the seven alleged hackers being charged by the Department of Justice.
The announcements were made as both Britain and the U.S. imposed sanctions on a firm they said was a Ministry of State Security front company tied to the hacking activity.
The U.S. Treasury Department in a statement said the sanctions were on Wuhan Xiaoruizhi Science and Technology, as well as on two Chinese nationals.
"Today's announcement exposes China's continuous and brash efforts to undermine our nation's cybersecurity and target Americans and our innovation,” FBI Director Christopher Wray said in a statement.
The U.S. State Department's Rewards for Justice program (RFJ) is offering a reward of up to $10 million for information on the group and the defendants, according to an official press release. The RFJ program seeks information on any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities in violation of the Computer Fraud and Abuse Act (CFAA).
Tensions between Beijing and Washington over issues relating to cyberespionage have been rising as Western intelligence agencies have increasingly sounded the alarm on alleged Chinese state-backed hacking activity.
China has also in recent years begun to call out alleged Western hacking operations.
For example, last year, the Ministry of State of Security claimed that the U.S. National Security Agency had repeatedly penetrated Chinese telecommunication giant Huawei Technologies.
Prosecutors listed numerous unnamed victims around the globe who had been targeted, but several stand out in the U.S. indictment.
In 2020, the Chinese hackers targeted staffers working for a U.S. presidential campaign, prosecutors wrote. The disclosure matches public reporting at the time by Google that Chinese hackers sent malicious emails to the campaign of current President Joe Biden, but no compromise had been detected.
Another alleged mission involved the hacking of an American firm known for public opinion research in 2018, the same year of a U.S. midterm election.
"Politicians, parties, and elections organizations are rich sources of intelligence that offer collectors everything from rare geopolitical insights to enormous troves of data, said John Hultquist, chief analyst for U.S. cybersecurity intelligence firm Mandiant, a division of Google Cloud.
"As we’ve seen in previous election cycles, actors like APT31 turn to political organizations to find the geopolitical intelligence that they're tasked with collecting."
© 2024 Thomson/Reuters. All rights reserved.