Date: 2024-03-26



The US government on Monday accused seven Chinese nationals and a Wuhan-based company of orchestrating a massive hacking operation targeting political targets in the United States, in what is the latest attempt by Washington to curb what officials describe as increasingly aggressive cyber operations carried out by Beijing.

In an indictment unsealed in the Eastern District of New York, federal prosecutors allege that the group of seven Chinese nationals conspired in a sprawling operation to hack personal devices belonging to U.S. officials, US-based dissidents and corporations.

“The Department of Justice will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence dissidents protected by U.S. laws, or steal from American businesses,” Attorney General Merrick B. Garland said in a statement. “This case is a reminder of the lengths to which the Chinese government is willing to go to target and intimidate its critics,

Along with the indictment, the US Treasury Department imposed sanctions against a Wuhan-based technology company, Wuhan XRZ, suspected of conducting operations on behalf of a hacking group known as APT31. The Treasury Department also sanctioned two individuals linked to the company's operations targeting U.S. critical infrastructure. The US State Department has announced a reward of up to $10 million for information about the group.

Monday's indictment and sanctions came in conjunction with moves by British officials to sanction Chinese hacking groups that targeted British election infrastructure.

The U.S. government describes Wuhan XRZ as a front company used by China's Ministry of State Security to conduct espionage and other cyber operations tracked for years by researchers and governments under the name APT31.

APT31 is “a group of Chinese state-sponsored intelligence officers, contract hackers, and support personnel who conduct malicious cyber operations on behalf of the Hubei State Security Department (HSSD),” the US Treasury Department said in a statement released Monday.

According to the Treasury Department, APT31's targets include senior U.S. government officials and their advisors; national security staff at the White House; officials from the Departments of Justice, Commerce, Treasury and State; Democratic and Republican Members of Congress; political campaign staff; and higher education institutions linked to the U.S. military.

In a statement Monday, Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, said the accusations by U.S. officials were “extremely irresponsible” and “a complete distortion of the facts.”

“Without valid evidence, the United States has drawn unwarranted conclusions and made baseless accusations against China,” Liu said, adding that “China is a major victim of cyberattacks” and “the United States itself is the originator and greatest perpetrator of cyberattacks.”

Experts said Monday's move by the Biden administration represented the latest in a series of moves by Washington to combat China's efforts to control speech and intimidate dissidents far beyond its borders.

“This indictment follows numerous others documenting China's efforts to oppress people abroad and in the United States,” said Dakota Cary, a China consultant for cybersecurity firm SentinelOne. “It is extremely important that the United States defends the freedoms of people residing in the United States against foreign oppression. This is what keeps the United States from becoming like China.”

British officials also accused Chinese hackers on Monday of targeting British politics. In a speech, Deputy Prime Minister Oliver Dowden accused China-linked hackers of being behind a 2021 Electoral Commission hack that stole data on 40 million registered British voters and a separate campaign the same year targeting email accounts belonging to three members of the British Parliament critical of China.

“This is the latest in a clear series of hostile activities originating from China, including the targeting of democratic institutions and parliamentarians in the UK and beyond,” Dowden said.

At a press conference on Monday, the targeted MPs – Conservatives Iain Duncan Smith and Tim Loughton, as well as Scottish National Party member Stewart McDonald – described the operation against them as part of a wider effort by the Chinese government to target British and Western society, and called on the British government to “reset” its relationship with China.

The operation against the members has been attributed to APT31, while the hack of the Electoral Commission has been attributed more generally to hackers linked to China.

An assessment by Britain's National Cyber Security Centre concluded that APT31 was “almost certainly” behind the email hacking attempts, describing them as part of “reconnaissance activity” by Beijing and saying that they had been blocked by Parliament's security department. Meanwhile, the hack of the Electoral Commission was attributed solely to “a Chinese state-affiliated actor.”

APT31's operations have been the subject of detailed analysis by security researchers for years. Last year, for example, Intrusion Truth, an anonymous group of researchers with a history of publishing highly detailed information about Chinese cyber operations, reported a series of links between specific individuals linked to APT31, media business and links with Chinese companies and government.

The Electoral Commission breach – occurring in 2021, initially detected in October 2022 and first disclosed in August 2023 – affected the agency's file sharing and email systems, allowing hackers to access a wealth of personal data on around 40 million registered voters in the UK.

This information would have included the names and addresses of anyone in Britain who registered to vote between 2014 and 2022, voters in Northern Ireland who registered to vote in 2018, as well as information sent to the commission by email or via the contact form on its website.

The Electoral Commission has publicly downplayed the value this type of information could bring to malicious parties, saying in its initial announcement that much of this data is already in the public domain and that an internal risk assessment has determined that “personal data contained in electoral rolls, usually name and address, does not in itself pose a high risk to individuals.” While the commission aggregates this data from across Britain, voter registration and live electoral rolls are managed by local authorities.

“It is possible, however, that this data will be combined with other data in the public domain, such as that which individuals choose to share themselves, to infer patterns of behavior or to identify and profile individuals,” the commission's statement said last year.

Jamie MacColl, a researcher at the Royal United Services Institute, a London-based defense and security think tank, questioned whether the resulting data would be of significant use. MacColl called the data “difficult to mine” and expressed skepticism about whether the operation described by British officials warranted such a strong response, given that spying targeting members of national legislatures is commonplace.

MacColl noted, however, that the incident could shake public confidence in the integrity of the attack.

Following the incident, the UK Electoral Commission admitted that it had failed a cybersecurity audit administered by the National Cyber Security Centre.

John Pullinger, chairman of the Electoral Commission, said on Monday that the hack “demonstrates the international threats to the UK's democratic process and its institutions”, but reiterated that the agency does not believe the hack will have any impact on the British elections.

“The UK's democratic processes and systems are widely dispersed and their resilience has increased since the attack. Voters have, and should continue to have, great confidence in the voting process,” Pullinger said.

Written by AJ Vicens and Derek B. Johnson

