US, UK accuse China of large-scale cyberattacks, election data theft

(Bloomberg) — The United States and United Kingdom have accused state-backed Chinese hackers of targeting politicians, businesses and dissidents for years, as well as stealing extensive data on British voters, in the latest revelation of cyberattacks that Washington and its allies have linked to President Xi Jinping's government.

U.S. officials said seven Chinese nationals targeted members of Congress and officials working at the White House and agencies including the Justice Department, as well as U.S. candidates, campaign staff and companies. The hackers, part of a state-sponsored group known as APT31, were charged with conspiracy to commit computer intrusions and conspiracy to commit wire fraud.

The United States and the United Kingdom announced sanctions against two of these individuals, as well as against a company in Wuhan, China, called Wuhan Xiaoruizhi Science and Technology Co. The United States alleged that the company was a front that served as cover for multiple malicious cyber operations and that the hackers worked there as contractors.

The UK has also accused China of having access to details of some 40 million voters held by the Electoral Commission, according to Deputy Prime Minister Oliver Dowden.


Monday's revelations add to a growing list of cybersecurity breaches that the United States and its allies say are supported by the Chinese government as part of broader global strategic and economic competition.

New Zealand has also established links between a state-sponsored actor linked to the Chinese government and malicious cyber activity targeting parliamentary activities there, Judith Collins, minister responsible for the Government Communications Security Office, said in Wellington on Tuesday. She said a compromise of the Office of the Parliamentary Counsel and the Parliamentary Service in 2021 was resolved quickly.

China has disputed the claims, with a Foreign Ministry official in Beijing calling the UK's accusations disinformation and a spokesperson for the Chinese embassy in Washington saying in a statement that the US had arrived at an unjustified conclusion and made baseless accusations.

In January, the FBI said it dismantled infrastructure used by a Chinese state-backed group called Volt Typhoon, which targeted the U.S. power grid and pipelines. Last October, security officials from the Five Eyes Group (US, UK, Australia, New Zealand and Canada) sounded the alarm about Chinese hacking and spying in interviews with media and public appearances. In 2015, security researchers suspected Beijing of being behind the theft of more than 22 million U.S. security clearance records.

British Prime Minister Rishi Sunak said on Monday that China's increasingly assertive support for hacking poses a historic challenge and the greatest state threat to our economic security. The head of the U.S. Federal Bureau of Investigation, Christopher Wray, called them an ongoing and brash effort to undermine our nation's cybersecurity and target Americans and our innovation.

Malicious emails

According to U.S. authorities, some hacking activity successfully compromised target networks, email accounts, cloud storage accounts and phone call records, with some monitoring of compromised email accounts lasting for years.

The hacking campaign involved more than 10,000 malicious emails sent to targets that often appeared to come from prominent media outlets or journalists and appeared to contain legitimate news articles, U.S. authorities said. The emails contained hidden tracking links that would transmit information about the recipient, including their location and the devices used to access the email, to a server controlled by the defendants and others with whom they worked.

That information was used by the group to carry out more sophisticated hacks, the U.S. Justice Department said, including compromising home routers and other electronic devices.

Among the most alarming allegations, the United States said hackers began targeting email accounts belonging to several senior campaign officials of an unnamed presidential candidate around May 2020. In November, the hackers had sent emails containing tracking links to targets associated with other political campaigns, including a retired senior U.S. government national security official, according to the indictment.

US companies in the defense, information technology, telecommunications, manufacturing and trade, finance, consulting, legal and research sectors have been targeted by the group. Among the victims are a supplier of 5G network equipment in the United States, a research company based in Alabama in the aerospace and defense industries and a Maryland-based professional support services company, according to the U.S.

In the United Kingdom, the National Cyber Security Center said it was almost certain that APT31 had carried out reconnaissance against British parliamentarians in a separate campaign in 2021, although no parliamentary accounts have been successfully compromised.

Britain summoned China's ambassador to London and Foreign Secretary David Cameron said in a separate statement that he had raised the issue directly with Chinese Foreign Minister Wang Yi.

For the UK, the episode marks an escalation of tensions that intensified after Hong Kong passed security legislation that the UK says is eroding freedoms in the city, contravening the handover deal signed between the two nations when governance of the territory was transferred to Beijing in 1997.

–With help from Ryan Gallagher, Daniel Flatley, Sana Pashankar, Isabella Ward, James Mayger and Matthew Brockett.

(Updated with comments from New Zealand officials in sixth paragraph)

