2024-03-25



The US and UK are taking action against actors affiliated with the Chinese state-sponsored APT 31 hacking group.

WASHINGTON - Today, the Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a front company of the Ministry of State Security (MSS) based in Wuhan, China, which served as a cover for several malicious cyber operations. OFAC also designated Zhao Guangzong and Ni Gaobin, two Chinese nationals affiliated with Wuhan XRZ, for their roles in malicious cyber operations targeting U.S. entities that operate in U.S. critical infrastructure sectors, directly endangering U.S. national security. This action is part of a collaborative effort with the United States Department of Justice, the Federal Bureau of Investigation (FBI), the Department of State and the United Kingdom Foreign, Commonwealth and Development Office (FCDO).

State-sponsored malicious cyber actors from the People's Republic of China (PRC) continue to be one of the largest and most persistent threats to U.S. national security, as highlighted in the most recent Annual Threat Assessment from the Office of the Director of National Intelligence.

"The United States is working to both disrupt the dangerous and irresponsible actions of malicious cyber actors, as well as protect our citizens and critical infrastructure," said Treasury Under Secretary for Terrorism and Financial Intelligence Brian E. Nelson. "Through our whole-of-government approach and in close coordination with our UK partners, the Treasury will continue to leverage our tools to expose these networks and protect against these threats."

Today, the Department of Justice unsealed the indictments of Zhao Guangzong, Ni Gaobin and five other defendants; the U.S. Department of State announced a Rewards for Justice reward offer for information about these individuals, their organizations, or any associated individuals or entities; and the UK Foreign, Commonwealth and Development Office implemented corresponding sanctions.

APT 31: A CHINESE MALICIOUS CYBERGROUP

An advanced persistent threat (APT) is a sophisticated cyber actor or group capable of conducting advanced and sustained malicious cyber activity, often with the goal of maintaining continued access to a victim's network. Information security researchers categorize and name certain APTs based on observed patterns such as the location of the perpetrators, the types of victims targeted, and the techniques used in the malicious cyber activity. APT 31 is a group of Chinese state-sponsored intelligence officers, contract hackers, and support personnel who conduct malicious cyber operations on behalf of the Hubei State Security Department (HSSD). APT 31 has targeted a broad range of senior U.S. government officials and their advisors who are integral to U.S. national security, including White House staff; the Departments of Justice, Commerce, Treasury and State; members of Congress, including Democratic and Republican senators; the United States Naval Academy; and the China Institute of Maritime Studies of the United States Naval War College.

APT 31 has targeted victims in some of America's most vital critical infrastructure sectors, including the defense industrial base, information technology, and energy sectors. APT 31 actors gained unauthorized access to several defense industrial base victims, including a defense contractor that manufactured flight simulators for the U.S. military, an aerospace contractor and defense company based in Tennessee, and an aerospace and defense research company based in Alabama. Additionally, APT 31 actors gained unauthorized access to a Texas-based energy company, as well as a California-based managed services provider.

In 2010, the HSSD established Wuhan XRZ as a front company to conduct cyber operations. This malicious cyber activity has resulted in the surveillance of U.S. and foreign politicians, foreign policy experts, academics, journalists, and pro-democracy activists, as well as individuals and companies operating in fields of national importance. In 2018, Wuhan XRZ employees conducted a malicious APT 31 cyber operation on a Texas-based energy company, gaining unauthorized access.

OFAC designates Wuhan XRZ pursuant to EO 13694, as amended, for cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, economic health or financial stability of the United States, and that have the purpose or effect of harming, or significantly impairing the provision of services by, a computer or a network of computers that supports one or more entities in a critical infrastructure sector.

Zhao Guangzong is a Chinese national who conducted numerous malicious cyber operations against U.S. victims as a subcontractor for Wuhan XRZ. Zhao Guangzong was behind the 2020 APT 31 spear phishing operation against the United States Naval Academy and the China Institute of Maritime Studies of the United States Naval War College. Additionally, Zhao Guangzong has carried out numerous spear phishing operations against Hong Kong lawmakers and democracy advocates.

OFAC designates Zhao Guangzong pursuant to EO 13694, as amended, for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Wuhan XRZ, an entity whose property and interests in property are blocked pursuant to EO 13694, as amended.

Ni Gaobin is a Chinese national who has conducted numerous malicious cyber operations against U.S. victims. Ni Gaobin assisted Zhao Guangzong in many of his most high-profile malicious cyber activities while Zhao Guangzong was a contractor at Wuhan XRZ, including the 2020 spear phishing operation against the United States Naval Academy and the China Institute of Maritime Studies of the United States Naval War College.

OFAC designates Ni Gaobin pursuant to EO 13694, as amended, for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Wuhan XRZ, an entity whose property and interests in property are blocked pursuant to EO 13694, as amended.

IMPLICATIONS OF SANCTIONS

As a result of today's action, all property and interests in property of the designated persons and entities described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, all entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or otherwise exempt, OFAC regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons.

Additionally, financial institutions and other persons that engage in certain transactions or activities with sanctioned entities and individuals may be subject to sanctions or enforcement action. The prohibitions include making any contribution or provision of funds, goods or services by, to or for the benefit of any designated person, or receiving any contribution or provision of funds, goods or services from such a person.

OFAC's sanctions power and integrity derive not only from OFAC's ability to designate and add persons to the SDN List, but also from its willingness to remove persons from the SDN List in accordance with the law. The ultimate goal of sanctions is not to punish, but to bring about a positive change in behavior. For more information on the process for requesting removal from an OFAC list, including the SDN List, please refer to OFAC Frequently Asked Question 897 here. For detailed information on the process for submitting a request for removal from an OFAC sanctions list, please click here.

Click here for more information on the individuals and entities designated today.

