The United States Department of Justice has unsealed an indictment against seven Chinese nationals believed to be operating in a China-backed hacking group called Advanced Persistent Threat 31 (APT31). The hackers are said to have been involved with the group since 2010 and have targeted US businesses and politicians as well as perceived critics of China.
The defendants are Ni Gaobin, 38; Weng Ming, 37; Cheng Feng, 34; Peng Yaowen, 38; Sun Xiaohui, 38; Xiong Wang, 35; and Zhao Guangzong, 38. One major issue that the US will have in apprehending the individuals is that they’re all believed to be in China and backed by the government.
Commenting on the development, Attorney General Merrick B. Garland said:
“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses.
“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies.”
Outlining the damage done by this group, the DOJ said APT31 has targeted thousands of US and foreign individuals and companies. These attacks have led to successful compromises of target networks, email accounts, cloud storage accounts, and telephone call records. Where email accounts were compromised, surveillance was said to be carried out for many years.
Aside from authorities in the US, the UK government also called out APT31 for cyber attacks against UK institutions and individuals “important to our democracy.” The National Cyber Security Centre, part of GCHQ, said that the group was likely behind the online reconnaissance activity in 2021 against the email accounts of UK parliamentarians (MPs).
Beyond the targeting of MPs critical of China, China is also believed to have compromised computers at the UK Electoral Commission between 2021 and 2022. It’s likely that the attackers took email data and data from the Electoral Register during this period.
While those indicted will be safe in China, venturing abroad could be perilous as they could be apprehended by authorities and extradited to the United States.