Unmasking APT31: The Chinese Cyber Espionage Group Targeting Critical Infrastructure and Political Entities in the US and UK

On Monday, the United States alleged that seven Chinese individuals had unlawfully accessed computer networks, email accounts, and cloud storage of various critical infrastructure entities, businesses, politicians, and political parties in the US.

American prosecutors have identified a group of suspected spies as members of APT31, a cyber-espionage group believed to be operated by China's Ministry of State Security (MSS) from Wuhan. This group is also known by various aliases such as Zirconium, Violet Typhoon, Judgment Panda, and Altaire.

According to the UK government's announcement, the group responsible for the attempted hacking of British politicians' email accounts in 2021 is believed to be the same one behind the recently disclosed cyber attack.

The UK and the US imposed sanctions on Wuhan Xiaoruizhi Science and Technology, believed to be a front company for the MSS and its cyber intrusion operations, as well as on two of the seven Chinese individuals accused of involvement in the espionage. Additionally, the UK revealed that its Electoral Commission was compromised by Chinese agents between 2021 and 2022, resulting in the theft of email and Electoral Register data.

The United States has charged seven individuals suspected to be part of APT31: Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, Xiong Wang, and Zhao Guangzong. Ni Gaobin and Zhao Guangzong were also sanctioned by the UK and US in relation to Wuhan Xiaoruizhi.

All seven are believed to be living in China, which makes it unlikely that they will be arrested and extradited to the US to stand trial for the crimes they are accused of committing.

Money could, however, change the picture. The government has offered a reward of up to $10 million for information on the seven suspected spies, in the hope that someone will come forward and help authorities bring them to justice. Alternatively, the reward could be seen as a piece of showmanship, and it raises the question of what agencies like the NSA, CIA, MI6, and GCHQ are doing on a daily basis if such information still needs to be bought.

The US State Department has released a wanted poster for suspects connected to APT31.

The US indictment accuses the seven men of collaborating with multiple MSS intelligence officers, contractors, and support staff to infiltrate and monitor computer networks and online accounts of interest to Beijing.

The alleged gang has been carrying out large-scale campaigns since 2010, targeting thousands of individuals and companies in the US and abroad. Their focus has been on journalists, pro-democracy activists, foreign policy experts, academics, IT, telecoms, manufacturing and trade workers, finance professionals, consultants, lawyers, researchers, government officials, politicians, and critics of the Chinese government. The stolen information includes trade secrets and personal data.

The computer network intrusion activities led to the confirmed and possible compromise of work and personal email accounts, cloud storage accounts, and telephone call records of many Americans. This included information that could be used to target democratic processes, institutions, economic plans, intellectual property, and trade secrets of American businesses. These activities also contributed to the billions of dollars lost annually due to China's state-sponsored efforts to acquire US technology.

Prosecutors claim that Chinese government officials sent numerous deceptive email messages to politicians and their families while posing as well-known American journalists. These emails included tracking links that, once clicked, revealed the recipient's location, IP address, network details, and the specific devices used to read the emails.

According to the indictment, the conspirators used the information gathered this way to target more precisely the home routers and electronic devices of recipients, including high-ranking US government officials, politicians, and campaign staff from both major political parties.

The accusations of cyber espionage have surfaced alongside a recommendation for the establishment of a US Cyber Force. This proposed new branch of the military would focus on recruiting and training individuals to defend the country against online threats that pose risks to national security.

A report published by the Foundation for Defense of Democracies on Monday argued that, although leaders acknowledged years ago that cyberspace has become a domain of warfare, they still need to heed the signs of what that means in practice.

The report was written by retired Rear Admiral Mark Montgomery, who holds a senior position at FDD's Center on Cyber and Technology Innovation, and Erica Lonergan, an assistant professor at Columbia University's School of International and Public Affairs. Both authors were part of the government's Cyberspace Solarium Commission.

For their report, they interviewed more than 75 current and former US military officers and concluded that the system for training and fielding US cyber forces is not working effectively.

They argue that the best solution is to establish a separate Cyber Force as a service within the Army. The proposed force would number 6,200 people, made up of servicemembers, civilians, and contractors.

According to the report, cyber threats are growing in both scale and severity, with China and Russia singled out as the major contributors. Both countries, the report notes, are willing to use cyber attacks to interfere with critical infrastructure, military communication systems, and political processes in the United States.

The report emphasized that only Congress has the authority to establish a new independent service, and that it is therefore time for legislators to act.

APT31 targeted individuals at the White House, various US government departments, members of Congress, and the spouses of high-ranking officials.

Prosecutors say that the gang also targeted individuals outside the US, including members of the Inter-Parliamentary Alliance on China (IPAC), a group established in 2020 to commemorate the 1989 Tiananmen Square protests and massacre. Other targets included dissidents, academics critical of the People's Republic of China (PRC), and 43 UK parliamentary IT accounts.

Aside from sending phishing emails, the group also deployed custom malware families such as RAWDOOR, Trochilus, EvilOSX, and DropDoor/DropCat, among others, to access victims' devices, carry out attacks, and steal confidential information.

According to the indictment, in late 2016 the hackers exploited a previously unknown software vulnerability to access the systems of a US defense contractor based in Long Island, New York. This contractor was one of many suppliers of products and services to the American military that the hackers allegedly targeted.

Having exploited that previously unknown vulnerability, the suspected spies created a new account with high-level privileges on the company's network, uploaded a web shell (a tool that provides remote access through the web server), connected the system to infrastructure controlled by APT31, and proceeded to explore the defense contractor's systems and documents.

Between 2017 and 2019, the group allegedly hacked into the networks of seven IT managed-service providers (MSPs) located in New York, California, Massachusetts, Colorado, Idaho, and abroad. This unauthorized access was then used to breach the servers of the MSPs' clients.

Through a California MSP alone, the hackers reportedly reached at least 15 servers on seven different networks. The targets included a finance company, a nuclear power engineering firm, an enterprise resource planning (ERP) business, and three other IT managed-service providers.

Other organizations affected by the intrusions include a top supplier of 5G network equipment in the US, a steel company, a clothing manufacturer based in New York, an engineering firm in California, an energy company in Texas, and numerous others.
