US government imposes sanctions and indicts China-based hackers for allegedly targeting critical infrastructure


The United States has sanctioned China-based hackers for allegedly targeting U.S. critical infrastructure, the Treasury Department announced Monday.

The U.S., along with the United Kingdom, sanctioned some representatives of Wuhan Xiaoruizhi Science and Technology Company Ltd. (Wuhan XRZ), a Wuhan, China-based Ministry of State Security (MSS) front company that the Treasury Department alleges has served as cover for multiple malicious cyber operations.

Wuhan XRZ and its contractors carried out several notably malicious cyber operations, including the 2020 spear phishing operation against the U.S. Naval Academy and the U.S. Naval War College's China Maritime Studies Institute, according to the Treasury Department.

National security leaders have consistently warned that Chinese state-affiliated actors were carrying out cyber operations in the U.S.

In addition to the sanctions, the Justice Department on Monday indicted Zhao Guangzong, Ni Gaobin and five other defendants on charges stemming from their alleged involvement in Wuhan XRZ.

“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” Attorney General Merrick Garland said in a statement. “This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies.”

Over the course of three presidential administrations, Ni Gaobin, 38; Weng Ming, 37; Cheng Feng, 34; Peng Yaowen, 38; Sun Xiaohui, 38; Xiong Wang, 35; and Zhao Guangzong, 38, are alleged to have targeted U.S. government officials, including individuals working in the White House and at the departments of Justice, Commerce, Treasury and State, as well as U.S. senators and representatives of both political parties, on behalf of the shell company Wuhan XRZ, the Treasury Department said.

They are also alleged to have targeted U.S. critical infrastructure when there were perceived anti-China policies and when tensions between the U.S. and China were high, according to an indictment unsealed in New York.

PHOTO: In a composite of photos from the indictment (top, left to right): Ni Gaobin, Weng Ming, Cheng Feng; (bottom, left to right): Peng Yaowen, Sun Xiaohui, Xiong Wang, Zhao Guangzong. Credit: U.S. District Court, Eastern District of New York

“These computer network intrusion activities resulted in the confirmed and potential compromise of work and personal email accounts, cloud storage accounts and telephone call records belonging to millions of Americans, including at least some information that could be released in support of malign influence targeting democratic processes and institutions, and economic plans, intellectual property and trade secrets belonging to American businesses, and contributed to the estimated billions of dollars lost every year as a result of the PRC’s [People’s Republic of China] state-sponsored apparatus to transfer U.S. technology to the PRC,” the indictment states.

The group, also known as APT31, operated from at least 2010 until this year, according to the Justice Department.

They targeted politicians and other prominent U.S. officials by purportedly posing as journalists, embedding a "tracking link" in an email that claimed to contain a sample of the work of the journalist they were impersonating, according to court documents.

“If the recipient activated the tracking link by opening the email, information about the recipient, including the recipient’s location, IP addresses, network schematics and specific devices used to access the pertinent email accounts, was transmitted to a server controlled by the Conspirators,” the court document states. “The Conspirators used this method to enable more direct and sophisticated targeting of recipients’ home routers and other electronic devices, including those of high-ranking U.S. government officials and politicians and election campaign staff from both major U.S. political parties.”
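The mechanism the court document describes, a link or remote image that reports the recipient's IP address and client details to a sender-controlled server when loaded, is one that mail defenders can screen for. The script below is an added example written for this page, not code from the indictment, the article or any party named in it. It parses a constructed HTML message that purports to come from a reporter at the made-up domain example-newspaper.com, flags references that carry an opaque per-recipient token or a 1x1 remote image on a host outside the claimed sender's domain, and shows the blunt mitigation of stripping remote images so that merely opening the message fetches nothing. The domains, token and heuristics are all assumptions for illustration.

```python
"""Flag tracking links and remote-content beacons in an HTML email body.

Added example, not from the indictment or the article. The message, the
domains and the thresholds below are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Constructed sample: a message purporting to come from a reporter at
# example-newspaper.com, carrying an off-domain tracking link and a 1x1 pixel.
CLAIMED_SENDER_DOMAIN = "example-newspaper.com"
SAMPLE_EMAIL_HTML = """<html><body>
<p>Hi, as discussed, here is a sample of my recent reporting:</p>
<p><a href="https://news-example.net/read?id=8f3a9c1e2b7d4c6a5e0f1a2b3c4d5e6f&u=target">
US-China trade policy, analyzed</a></p>
<p>Best,<br>J. Reporter</p>
<img src="https://cdn-metrics.example/open.gif?t=8f3a9c1e2b7d4c6a5e0f1a2b3c4d5e6f"
     width="1" height="1" alt="">
<p><a href="https://www.example-newspaper.com/about">About our newsroom</a></p>
</body></html>"""

# A run of 24+ URL-safe characters in a path segment or query value is treated
# as an opaque per-recipient token (a heuristic; tune for your own mail flow).
OPAQUE_TOKEN = re.compile(r"[A-Za-z0-9_-]{24,}")

# Matches <img> tags whose src points at a remote http(s) host.
REMOTE_IMG = re.compile(r"<img\b[^>]*\bsrc\s*=\s*[\"']https?://[^>]*>", re.IGNORECASE)


class _RefExtractor(HTMLParser):
    """Collect every element that would make a mail client contact a remote host."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.refs.append({"tag": "a", "url": attrs["href"], "attrs": attrs})
        elif tag == "img" and attrs.get("src"):
            self.refs.append({"tag": "img", "url": attrs["src"], "attrs": attrs})


def extract_references(html):
    """Return the <a href> and <img src> references found in the HTML body."""
    parser = _RefExtractor()
    parser.feed(html)
    return parser.refs


def _same_org_domain(host, claimed_domain):
    host = host.lower().rstrip(".")
    return host == claimed_domain or host.endswith("." + claimed_domain)


def _has_opaque_token(url):
    parsed = urlparse(url)
    candidates = parsed.path.split("/")
    for values in parse_qs(parsed.query).values():
        candidates.extend(values)
    return any(OPAQUE_TOKEN.search(c) for c in candidates)


def _is_tiny_image(ref):
    if ref["tag"] != "img":
        return False
    try:
        width = int(ref["attrs"].get("width") or 0)
        height = int(ref["attrs"].get("height") or 0)
    except ValueError:
        return False
    return 0 < width <= 2 and 0 < height <= 2


def analyze(html, claimed_sender_domain):
    """Return one finding per remote reference with the reasons it looks like a beacon."""
    findings = []
    for ref in extract_references(html):
        parsed = urlparse(ref["url"])
        if parsed.scheme not in ("http", "https"):
            continue
        reasons = []
        if not _same_org_domain(parsed.hostname or "", claimed_sender_domain):
            reasons.append("host differs from claimed sender domain")
        if _has_opaque_token(ref["url"]):
            reasons.append("opaque per-recipient token in URL")
        if _is_tiny_image(ref):
            reasons.append("1x1 image loaded from remote host")
        # An off-domain link by itself is common in legitimate mail; a token or
        # a tracking pixel is what makes the reference look like a beacon.
        suspicious = any(r.startswith(("opaque", "1x1")) for r in reasons)
        findings.append({"tag": ref["tag"], "host": parsed.hostname,
                         "reasons": reasons, "suspicious": suspicious})
    return findings


def strip_remote_images(html):
    """Remove remote <img> tags so that opening the message fetches nothing."""
    return REMOTE_IMG.sub("", html)


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL_HTML, CLAIMED_SENDER_DOMAIN):
        flag = "BEACON?" if finding["suspicious"] else "ok"
        print(f"{flag:8} <{finding['tag']}> {finding['host']}: {', '.join(finding['reasons']) or 'no indicators'}")
```

On the sample, the off-domain article link and the 1x1 pixel are flagged while the on-domain "About" link is not. Stripping images only addresses the automatic beacon; the tracking link still fires if the recipient clicks it, which is why the court document's "if the recipient activated the tracking link" matters: link rewriting through a sandboxing proxy, or simply not clicking links in unsolicited mail, covers that half.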

In 2020, the group allegedly targeted a presidential campaign and in 2022 sent emails to officials in the Senate, State Department and Commerce Department, according to court documents.

Commerce Secretary Gina Raimondo had her emails targeted just before her visit to China last year.

The group also allegedly hacked into economic and defense companies using “sophisticated” means, according to the Justice Department. When there were tensions between the U.S. and China, they also allegedly carried out cyberattacks, according to the court documents.

“Since at least 2017, the Conspirators engaged in computer network intrusion activity in response to geopolitical events affecting the PRC, including economic tensions between the U.S. and the PRC, the Hong Kong democracy movement and a U.S. government statement regarding the PRC’s maritime claims in the South China Sea,” the court documents state.

In one example, the hackers allegedly targeted the Norwegian government after the Nobel Peace Prize was awarded to activists in the Hong Kong democracy movement. In another, the group allegedly targeted the U.S. Naval Academy and the U.S. Naval War College's China Maritime Studies Institute after a top State Department official called China's actions in the South China Sea in 2020 "completely unlawful," according to the court documents.

The United States government has recently taken a strong stance against cyber threats originating from China by imposing sanctions and indicting several individuals for allegedly targeting critical infrastructure. This move comes as part of a broader effort to combat cyber espionage and protect national security interests.

The sanctions were announced by the US Department of the Treasury's Office of Foreign Assets Control (OFAC) and targeted Chinese individuals and the front company believed to be involved in malicious cyber activities. These individuals are accused of carrying out cyber attacks against US companies and government agencies, including U.S. critical infrastructure.

In addition to the sanctions, the US Department of Justice announced indictments against seven Chinese hackers for their alleged involvement in cyber attacks against U.S. officials, politicians and companies. These indictments highlight the growing threat posed by state-sponsored cyber actors and the need for increased vigilance in defending against such attacks.

The targeting of critical infrastructure by foreign hackers is a serious concern for the US government, as these systems play a vital role in the functioning of society and the economy. A successful cyber attack on critical infrastructure could have devastating consequences, including disruptions to essential services, financial losses, and potential threats to national security.

The US government’s actions against China-based hackers send a clear message that cyber attacks on critical infrastructure will not be tolerated and that those responsible will be held accountable. By imposing sanctions and indictments, the US is signaling its commitment to defending against cyber threats and protecting its critical infrastructure from malicious actors.

In response to these developments, cybersecurity experts are urging organizations to remain vigilant and take proactive measures to protect their systems from cyber attacks. This includes implementing robust cybersecurity measures, conducting regular security assessments, and staying informed about emerging threats.

Overall, the US government’s actions against China-based hackers demonstrate the growing importance of cybersecurity in today’s interconnected world. By taking a strong stance against cyber threats, the US is working to safeguard its critical infrastructure and protect national security interests from malicious actors.
