Cal's Lucas Asia Correspondent

Updated Tuesday, March 26, 2024, 11:14

In the underworld of hackers, they have been baptized with various names: Zirconium, Violet Typhoon, Judgment Panda or Altaire. Among Western intelligence communities, however, they are known as APT31, short for "Advanced Persistent Threat 31." Among cybersecurity experts, the APT nomenclature is often used to identify hacker groups linked to foreign governments. It is estimated that more than 40 of these APT groups operate around the world in a structured and directed manner, and half of them are run from China, including APT31.

This week, the United States and the United Kingdom accused this group of hackers, which is run from the Chinese city of Wuhan by a branch of the powerful Ministry of State Security (MSS), the main intelligence agency of the Asian superpower, of orchestrating a mega cyber espionage campaign to attack politicians, journalists, defense contractors, technology companies and critics of Beijing.

On Monday, the US Treasury Department announced sanctions against Wuhan Xiaoruizhi Science and Technology, a company that APT31 had allegedly used since 2010 as a cover to launch attacks backed by the Chinese government. "For years, hackers linked to the Chinese government targeted White House officials, senators, technology companies and high-ranking critics of the United States," said a statement from the Department of Justice.

"This case serves as a reminder of the lengths to which the Chinese government is willing to go to attack and intimidate its critics, including launching malicious cyber operations intended to threaten the national security of the United States and our allies," said Attorney General Merrick Garland.

The US authorities also sanctioned seven individuals linked to APT31 and the Wuhan company.

They sent more than "10,000 malicious emails" from media accounts or well-known journalists. Since 2015, APT31 has allegedly sent emails that appeared to come from domains such as @dailytrainnews.com or @nynewsweek.com.

"If the recipient simply opened the email, information about the person or agency, including location, Internet Protocol (IP) addresses, and network and router information, was transmitted to a server controlled by the hackers," prosecutors said.

The United Kingdom on Monday also announced sanctions against the Wuhan company connected to APT31 for allegedly being involved in a massive 2021 attack on the emails of British parliamentarians who were critical of China. These sanctions also target two men, Ni Gaobin and Zhao Guangzong, who appear on the US list.

London also points to another cyber attack against the British Electoral Commission that resulted in Beijing being able to access the personal data of some 40 million voters. "Wuhan Xiaoruizhi Science and Technology and APT31 are responsible for participating in or providing support for the commission, planning or preparation of relevant cyber activity on behalf of the Chinese State," the British authorities said.

"These attacks demonstrate a clear and persistent pattern of behavior indicating hostile intentions on the part of China," said British Deputy Prime Minister Oliver Dowden. David Cameron's Ministry of Foreign Affairs summoned the Chinese ambassador to give explanations, but the diplomatic delegation of the Asian giant has reiterated that the claims about these cyber attacks linked to Beijing are "invented slander."

Earlier this year, FBI Director Christopher Wray noted that Chinese hackers had been attacking US and other allied countries' infrastructure for years, and were preparing to "wreak havoc" on the power grid and transportation systems.

On Tuesday, New Zealand joined the US and the UK in new accusations against China. In 2021, "hackers linked to the Chinese government" attacked the New Zealand Parliament. In the case of the Oceanian country, however, the Chinese group behind the attacks is said to be APT40, which has also been reported in previous years for global attacks on the networks of technology companies.

In 2020, before the previous elections in the United States, APT31's name had already appeared in several news stories because its trace, according to complaints from Google and Microsoft, was found in cyberattacks on the personal emails of Joe Biden campaign workers. A year after this group was accused of interfering in the US elections, the British Government warned of an attack on the Microsoft Exchange mail server that had compromised the security of tens of thousands of accounts around the world.