Illustration by iStock; Security Management

U.S., UK Officials Charge Seven for Computer Intrusions Related to APT31 Hacking Group

The U.S. Department of Justice (DOJ) charged seven People’s Republic of China (PRC) nationals with conspiracy to commit computer intrusions and wire fraud as part of their alleged involvement in a hacking group that spent 14 years targeting foreign critics, businesses, and political officials, according to an unsealed indictment released Tuesday. The U.S. State Department announced a reward of up to $10 million for information on the seven men.

The defendants (Ni Gaobin, 38; Weng Ming, 37; Cheng Feng, 34; Peng Yaowen, 38; Sun Xiaohui, 38; Xiong Wang, 35; and Zhao Guangzong, 38) are all believed to reside in China. They allegedly sent more than 10,000 malicious emails that impacted thousands of victims worldwide as part of a prolific global hacking operation backed by the PRC, the DOJ said. The efforts from this group (known in cybersecurity circles as Advanced Persistent Threat 31 or the APT31 Group) aimed to repress critics of the Chinese government, compromise foreign government institutions, and steal trade secrets.

“The more than 10,000 malicious emails that the defendants and others in the APT31 Group sent to these targets often appeared to be from prominent news outlets or journalists and appeared to contain legitimate news articles,” the DOJ explained. “The malicious emails contained hidden tracking links, such that if the recipient simply opened the email, information about the recipient, including the recipient’s location, Internet protocol (IP) addresses, network schematics, and specific devices used to access the pertinent email accounts, was transmitted to a server controlled by the defendants and those working with them. The defendants and others in the APT31 Group then used this information to enable more direct and sophisticated targeted hacking, such as compromising the recipients’ home routers and other electronic devices.”

Their activity resulted in successful compromises of targets’ networks, email accounts, cloud storage accounts, and telephone call records.

For targets that were harder to access, APT31 hackers shifted focus to the targets’ family members as a reconnaissance tool, the DOJ indictment said. According to Cyberscoop, this type of targeting is relatively rare but not unheard of, especially as Chinese operatives seek to control critical speech abroad by manipulating family relationships. In other cases, APT31 operators posed as prominent journalists from Western media outlets to email U.S. government officials links to apparent news articles that were, in fact, malicious tracking links.

Alongside the indictment, the U.S. Department of the Treasury’s Office of Foreign Assets Control sanctioned Wuhan Xiaoruizhi Science and Technology Company, Ltd, a Chinese Ministry of State Security front company that allegedly served as a cover for malicious cyber operations from APT31.

The actions were part of a collaborative effort between the Treasury, the DOJ, the FBI, the U.S. Department of State, and the United Kingdom Foreign, Commonwealth, and Development Office (FCDO).

The FCDO called out Chinese state-affiliated organizations and individuals for allegedly conducting two malicious cyber campaigns targeting democratic institutions and parliamentarians between 2021 and 2022.

“This is the latest in a clear pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians in the UK and beyond,” an FCDO release said.

China hit back at the United States and United Kingdom over the allegations, accusing the nations of “political manipulation.”