Monday, April 15, 2024
Courthouse News Service

Seven hackers tied to Chinese government indicted in target of US businesses and politicians

"The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses," U.S. Attorney General Merrick Garland said.

MANHATTAN (CN) — Seven individuals associated with the Chinese government’s intelligence services targeted thousands of individuals in the U.S. and other countries — including political officials — as part of a series of China-based hacking operations, according to an indictment unsealed Monday.

Federal prosecutors say the individuals were part of a private Chinese hacking company established by the Hubei State Security Department based in Wuhan, China. The company — Wuhan Xiaoruizhi Science & Technology (Wuhan XRZ) — was used as a front for the APT31 hacking group to carry out the department’s computer intrusion activities.

The individuals — Ni Gaobin, Zhao Guangzong, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui and Xiong Wang — now face charges for conspiracy to commit computer intrusions and conspiracy to commit wire fraud.

Since at least 2010, federal prosecutors say the individuals and other members of the group have sent over 10,000 emails targeting political dissidents and perceived supporters inside and outside of China. They also targeted government and political officials, candidates and campaign personnel in the United States and elsewhere, as well as American companies.

According to the indictment, many of these emails appeared to be from legitimate journalists, but once a target opened the email, information about their location, IP address and network schematics was sent back to the hackers. As a result, millions of Americans’ work and personal email accounts, cloud storage accounts and telephone call records were compromised, the Justice Department says.

“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” U.S. Attorney General Merrick Garland said in a statement. “This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies.”

According to the indictment, the individuals began targeting email accounts belonging to several senior campaign staff members ahead of the 2020 presidential election. In March 2022, the group also sent tracking links to various government officials in the U.S. Senate, the State Department and the Departments of Commerce, Labor and Transportation.

The accusations laid out in the indictment are consistent with a March 2021 Joint Report that cited incidents of Chinese government-affiliated actors striking at the security of networks associated with U.S. political organizations, candidates and campaigns during the 2020 federal elections.

They also targeted the email accounts of various government individuals from across the world who were part of the Inter-Parliamentary Alliance on China, a group founded in 2020 on the anniversary of the 1989 Tiananmen Square protests to counter the threats posed by the Chinese Communist Party.

Prosecutors say that in January 2021 the group sent more than 1,000 emails to more than 400 accounts of individuals associated with the alliance. Victims that opened the emails revealed their IP addresses, browser types and operating systems to the hackers.

From 2010 to 2023, the hacking group also gained access to companies, research institutions and other organizations in the defense industry, the IT industry, the telecommunications industry, the manufacturing and trade industry, the finance and consulting industry, the legal industry and the research industry.

Prosecutors say the group targeted individual dissidents around the world and those who were perceived to be supporting those dissidents. For instance, in 2018, prosecutors say the group targeted Norwegian government officials and a Norwegian managed service provider after several activists who spearheaded Hong Kong’s Umbrella Movement were nominated for the Nobel Peace Prize.

“Today’s announcements underscore the need to remain vigilant to cybersecurity threats and the potential for cyber-enabled foreign malign influence efforts, especially as we approach the 2024 election cycle,” Assistant Attorney General Matthew Olsen of the Justice Department’s National Security Division said in a statement.

Assistant U.S. Attorneys Douglas M. Pravda, Sarithan Komatireddy and Jessica Weigel are in charge of the prosecution.

The United States, along with the United Kingdom, has also sanctioned Gaobin, Guangzong and Wuhan XRZ, the Treasury Department announced Monday.

According to the Treasury Department, Wuhan XRZ is responsible for some of the most malicious cyberattacks to hit the U.S., including the 2020 spear phishing operation against the U.S. Naval Academy and the U.S. Naval War College’s China Maritime Studies Institute.

The State Department also announced a reward of up to $10 million for information on the group and the defendants.

Follow @NikaSchoonover