peterschreiber.media | Getty Images
The US Justice Department on Monday unsealed an indictment charging seven men with hacking or attempting to hack dozens of US companies in a 14-year campaign furthering economic espionage and foreign intelligence gathering by the Chinese government.
All seven defendants, federal prosecutors alleged, were associated with Wuhan Xiaoruizhi Science & Technology Co., Ltd, a front company created by the Hubei State Security Department, an outpost of the Ministry of State Security located in Wuhan province. The MSS, in turn, has funded an advanced persistent threat group tracked under names including APT31, Zirconium Violet Typhoon, Judgment Panda, and Altaire.
Relentless 14-year campaign
“Since at least 2010, the defendants … engaged in computer network intrusion activity on behalf of the HSSD targeting numerous US government officials, various US economic and defense industries, and a variety of private industry officials, foreign democracy activists, academics, and parliamentarians in response to geopolitical events affecting the PRC,” federal prosecutors alleged. “These computer network intrusion activities resulted in the confirmed and potential compromise of work and personal email accounts, cloud storage accounts and telephone call records belonging to millions of Americans, including at least some information that could be released in support of malign influence targeting democratic processes and institutions, and economic plans, intellectual property, and trade secrets belonging to American businesses, and contributed to the estimated billions of dollars lost every year as a result of the PRC’s state-sponsored apparatus to transfer US technology to the PRC.”
The relentless 14-year campaign targeted thousands of individuals and dozens of companies through the use of zero-day attacks, website vulnerability exploitation, and the targeting of home routers and personal devices of high-ranking US government officials and politicians and election campaign staff from both major US political parties.
“The targeted US government officials included individuals working in the White House, at the Departments of Justice, Commerce, Treasury, and State, and US Senators and Representatives of both political parties,” Justice Department officials said. “The defendants and others in the APT31 Group targeted these individuals at both professional and personal email addresses. Additionally in some cases, the defendants also targeted victims’ spouses, including the spouses of a high-ranking Department of Justice official, high-ranking White House officials and multiple United States Senators. Targets also included election campaign staff from both major US political parties in advance of the 2020 election.”
One technique the defendants allegedly used was the sending of emails to journalists, political officials, and companies. The messages, which were made to appear as originating from news outlets or journalists, contained hidden tracking links, which, when activated, gave APT31 members information about the locations, IP addresses, network schematics, and specific devices of the targets for use in follow-on attacks. Some of the targets of these emails included foreign government officials who were part of the Inter-Parliamentary Alliance on China, a group formed after the 1989 Tiananmen Square massacre that’s critical of the Chinese government; every European Union member that’s a member of that group; and 43 UK parliamentary accounts that are part of the group or critical of the People’s Republic of China.
