    US charges 7 Chinese citizens with involvement in major 14-year cyber espionage campaign

    By techempire

    The U.S. Department of Justice (DoJ) on Monday unveiled indictments against seven Chinese citizens, saying they participated in a hacking group that targeted U.S. and foreign critics, journalists, businesses and political officials for about 14 years.

    The defendants include Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, Xiong Wang, and Zhao Guangzong.

    The defendants were charged with conspiracy to commit computer intrusions and conspiracy to commit wire fraud in connection with the state-sponsored threat group APT31, also known as Altaire, Bronze Vinewood, Judgment Panda and Violet Typhoon (formerly known as Zirconium). The hacker group has been active since at least 2010.

    Specifically, their responsibilities included testing and exploiting malware used to conduct intrusions, managing attack infrastructure, and conducting surveillance of certain U.S. entities, federal prosecutors said, adding that these activities were designed to advance China’s economic espionage and foreign intelligence objectives.

    Both Ni Gaobin and Zhao Guangzong are accused of having ties to Wuhan Xiaoruizhi Technology Co., Ltd. (Wuhan XRZ), a front company believed to have conducted multiple malicious cyber operations for the Ministry of State Security (MSS).

    Intrusion Truth described Wuhan XRZ in a report published in May 2023 as “a sketchy-looking company looking for vulnerability diggers and foreign language experts in Wuhan.”

    In addition to announcing rewards of up to $10 million for information that could lead to the identification or whereabouts of people associated with APT31, the UK and the US have also imposed sanctions in response to activity that threatened national security and targeted lawmakers around the world.

    “These charges lift the curtain on China’s massive illegal hacking campaign that has targeted the sensitive data of U.S. elected and government officials, journalists and academics, valuable information about U.S. companies, and political dissidents in the U.S. and abroad,” said U.S. Attorney Breon Peace.

    “Their nefarious schemes victimized thousands of people and entities around the world and continued for more than a decade.”

    The massive hacking operation involved the defendants and other members of APT31 sending more than 10,000 emails to targets of interest. The emails contained hidden tracking links that revealed the victim’s location, Internet Protocol (IP) address, network schematics, and the devices used to access the email account as soon as the recipient simply opened the message.

    This information then enables threat actors to conduct more targeted attacks against specific individuals, including compromising the recipient’s home routers and other electronic devices.
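A defender-side check for the tracking technique described above, as an added example that is not part of the original article: it lists every remote resource an HTML email would fetch the moment it is opened and flags invisible images and per-recipient tokens. The sample message, its host names, and the heuristics (1-pixel size, opaque values of 16 or more characters) are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

TOKEN = re.compile(r"^[A-Za-z0-9_\-]{16,}$")  # long opaque value, likely a per-recipient ID

class AutoLoad(HTMLParser):
    """Collect resources a mail client fetches on render, without any click."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        url = a.get("src") if tag == "img" else a.get("background")
        if tag == "link" and "stylesheet" in a.get("rel", "").lower():
            url = a.get("href")
        parts = urlsplit(url or "")
        if parts.scheme not in ("http", "https"):
            return  # inline (cid:/data:) or no resource: no request leaves the client
        reasons = []
        style = a.get("style", "").replace(" ", "").lower()
        if tag == "img" and ("display:none" in style
                or a.get("width") in ("0", "1") or a.get("height") in ("0", "1")):
            reasons.append("hidden-or-1px-image")
        values = [v for _, v in parse_qsl(parts.query)] + parts.path.split("/")
        if any(TOKEN.match(v) for v in values):
            reasons.append("opaque-token-in-url")
        self.findings.append({"host": parts.hostname, "url": url, "reasons": reasons})

def remote_loads(raw: bytes):
    """Return every auto-loading remote resource in the HTML part of an email."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []  # plain-text mail cannot trigger a fetch on open
    parser = AutoLoad()
    parser.feed(body.get_content())
    return parser.findings

# Constructed sample message (not taken from the indictment or any real campaign).
SAMPLE = (b"From: news@press.example\r\nTo: staffer@office.example\r\nSubject: Briefing\r\n"
          b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
          b'<p>Briefing attached.</p><img src="https://cdn.press.example/logo.png" width="120">'
          b'<img src="https://t.press.example/o.gif?rid=9f3c1a7b2e4d4c6f8a1b0c2d" width="1" height="1">\r\n')

if __name__ == "__main__":
    print(remote_loads(SAMPLE))
```

Every entry returned, flagged or not, is a request that would expose the reader's IP address and client details to the listed host, which is why mail gateways and clients that block or proxy remote content blunt this kind of reconnaissance.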

    Threat actors also allegedly exploited zero-day vulnerabilities to maintain persistent access to victims’ computer networks, resulting in the confirmed or potential theft of phone call records, cloud storage accounts, personal emails, financial plans, intellectual property and trade secrets associated with American businesses.

    It was further discovered that other spear phishing campaigns orchestrated by APT31 targeted U.S. government officials working at the White House, Department of Justice, Department of Commerce, Department of Treasury, and State Department, as well as U.S. Senators, Representatives, and campaign staff of both parties.

    These attacks are facilitated by custom malware (such as RAWDOOR, Trochilus, EvilOSX, DropDoor/DropCat, etc.) that establishes a secure connection to an adversary-controlled server to receive and execute commands on the victim’s computer. A cracked version of the Cobalt Strike Beacon was also used for post-exploitation activities.

    Some of the main target industries of the organization include defence, information technology, telecommunications, manufacturing and trading, finance, consulting, and legal and research industries. APT31 has also singled out dissidents and others believed to support them around the world.

    “APT31 is a collection of Chinese state-backed intelligence officers, contract hackers, and support personnel who conduct malicious cyber operations on behalf of the Hubei State Security Department (HSSD),” the U.S. Treasury Department said.

    “In 2010, HSSD established Wuhan XRZ as a front company to conduct cyber operations. This malicious cyber activity resulted in the surveillance of U.S. and foreign politicians, foreign policy experts, academics, journalists, and democracy activists, as well as individuals and companies in areas of national importance.”

    “Chinese state-sponsored cyber espionage is not a new threat, and the indictments unsealed today by the U.S. Department of Justice lay out the full range of their cyber operations tactics to advance the agenda of the People’s Republic of China (PRC). While this is not a new threat, the espionage activity and the tactics deployed are concerning,” said Alex Rose, director of government engagement at Secureworks Counter Threat Group.

    “Over the past few years, the Chinese have developed their typical warfare methods to evade detection and make it more difficult to attribute specific cyber attacks to them. This is part of a broader strategic effort that China can execute. The skills, resources, and tactics of the People’s Republic of China make them a persistent high and persistent threat to governments, businesses, and organizations around the world.”

    The charges come after the British government accused APT31 of “malicious cyber activity” targeting the country’s Electoral Commission and politicians. The breach of the Electoral Commission resulted in unauthorized access to the voter data of 40 million people.

    The regulator disclosed the incident in August 2023, despite evidence that the threat actor had accessed the system two years before that.

    However, China has denied the accusations, calling them “complete fabrications” that amount to “malicious slander.” A spokesman for the Chinese Embassy in Washington told BBC News the countries had “made baseless accusations”.

    “Tracing the origin of cyber attacks is extremely complex and sensitive. When investigating and determining the nature of cyber cases, sufficient and objective evidence is required. We cannot discredit other countries when the facts do not exist, let alone politicize cyber security issues,” said Lin Jian, spokesperson of the Ministry of Foreign Affairs.

    “We hope that relevant parties will stop spreading false information, adopt a responsible attitude, and jointly maintain the peace and security of cyberspace. China opposes illegal and unilateral sanctions and will firmly safeguard its legitimate rights and interests.”
