The U.S. on Monday announced actions aimed at exposing a sweeping Chinese hacking campaign that has targeted U.S. government institutions, critical infrastructure, media and political dissidents for more than a decade.
Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), served as a front company for China’s Ministry of State Security (MSS), which deals with overseas policing and espionage, allowing Chinese hackers to hide a multitude of malicious cyber operations, the Treasury Department said after sanctioning the organization on Monday in a statement alongside other U.S. agencies and the United Kingdom. In an indictment unsealed separately, the Department of Justice accused Chinese nationals Zhao Guangzong, Ni Gaobin and five others for their role “in furtherance of [China’s] economic espionage and foreign intelligence objectives” over the past 14 years.
DOJ “will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” Attorney General Merrick B. Garland said in the press release. “This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies.”
China’s regional security office established Wuhan XRZ in 2010 to carry out cyber operations against “U.S. and foreign politicians, foreign policy experts, academics, journalists, and pro-democracy activists, as well as persons and companies operating in areas of national importance.”
Hackers associated with the group, known variably as Advanced Persistent Threat 31 (APT31), Judgement Panda, and Zirconium, have gone after U.S. government officials and advisers on national security issues in the White House and other federal agencies; both Democrat and Republican members of Congress; the U.S. Naval Academy and the U.S. Naval War College’s China Maritime Studies Institute, according to the press release.
U.S. investigators also tied the group to major attacks on a Texas-based energy company and companies that do research, development and manufacturing for the U.S. military in Tennessee, Alabama and elsewhere.
APT31 has also attacked high-profile individuals connected to the 2020 election, according to Microsoft.
In 2020, Zhao Guangzong, working as a contractor for Wuhan XRZ, sent seemingly innocuous emails containing disguised malware to administrators at the U.S. Naval Academy, the the U.S. Naval War College’s China Maritime Studies Institute and an unnamed U.S.-based think tank “focused on U.S. national security issues, including in the Asia-Pacific region,” according to the indictment and press releases.
The hacker also carried out similar “spearphishing” attacks on Hong Kong legislators and pro-democracy activists, the U.S. said.
China has denied U.S. accusations of cyberespionage and accuses Washington of hypocrisy over the issue.
“Without valid evidence, the U.S. jumped to an unwarranted conclusion and made groundless accusations against China,” Li Pengyu, a spokesperson for the Chinese embassy in the U.S., told the Daily Caller News Foundation in a statement.
“Since last year, China’s cybersecurity agencies have released reports revealing the U.S. government’s long-running cyberattacks against China’s critical infrastructure. Such irresponsible policy and practices have exposed global critical infrastructure to huge risks,” Pengyu added