Seven Chinese nationals have been indicted in connection with the hacking group APT31, which spent around 14 years targeting critics, businesses and politicians in the U.S. and around the world, according to the U.S. Attorney’s Office for the Eastern District of New York.
Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, Xiong Wang, and Zhao Guangzong have been charged with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for hacking activities with the Advanced Persistent Threat 31 (APT31) group connected to China’s economic espionage and foreign intelligence objectives, officials said.
“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” U.S. Attorney General Merrick B. Garland said in a statement. “This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies.”
The defendants and others in the APT31 hacking group, run by the Ministry of State Security’s Hubei State Security Department in Wuhan, allegedly targeted the personal and professional emails of U.S. government officials working in the White House, at the Departments of Justice, Commerce, Treasury and State, and U.S. Senators and Representatives of both political parties.
The defendants also targeted the spouses of a high-ranking Department of Justice official, high-ranking White House officials and multiple U.S. Senators, prosecutors said. Also targeted were election campaign staff from both major U.S. political parties in advance of the 2020 election.
The APT31 group also targeted dozens of companies operating in areas of national economic importance, including the defense, information technology, telecommunications, manufacturing and trade, finance, consulting, legal and research industries.
Defendants and others in the group sent more than 10,000 malicious emails that often appeared to be from prominent news outlets or journalists and appeared to contain legitimate news articles, but contained hidden tracking links that went into effect as soon as the recipient opened the email.
The links collected data including the recipients’ location, internet protocol (IP) addresses, network schematics and the specific devices used to access the email account. That information was used to enable more direct and sophisticated targeted hacking, such as compromising the recipients’ home routers and other electronic devices.
The malicious emails were also sent to global government officials who criticized the Chinese government, including European Union members of the Inter-Parliamentary Alliance on China and 43 U.K. parliamentary accounts.
Along with government critics, the hackers also targeted individual dissidents around the world, including pro-democracy activists in Hong Kong and, after those activists were nominated for the Nobel Peace Prize, Norwegian government officials.
“Over 10,000 malicious emails, impacting thousands of victims, across multiple continents. As alleged in today’s indictment, this prolific global hacking operation – backed by the PRC government – targeted journalists, political officials, and companies to repress critics of the Chinese regime, compromise government institutions, and steal trade secrets,” said Deputy Attorney General Lisa Monaco.
“The indictment unsealed today, together with statements from our foreign partners regarding related activity, shed further light on the PRC Ministry of State Security’s aggressive cyber espionage and transnational repression activities worldwide,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “Today’s announcements underscore the need to remain vigilant to cybersecurity threats and the potential for cyber-enabled foreign malign influence efforts, especially as we approach the 2024 election cycle. The Department of Justice will continue to leverage all tools to disrupt malicious cyber actors who threaten our national security and aim to repress fundamental freedoms worldwide.”
TMX contributed to this article.