The US indicts 7 Chinese nationals for cyber espionage

In a significant development highlighting ongoing cyber espionage concerns between the US, the UK, and China, the US government has charged seven Chinese nationals with allegedly engaging in a widespread cyber espionage campaign on behalf of Beijing. This move underscores escalating tensions between the two global powers, particularly in the realm of cybersecurity.

The US Department of Justice (DOJ) unsealed indictments against seven individuals from the People’s Republic of China (PRC), revealing a sophisticated cyber espionage network with global implications. The indicted nationals, identified as Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, Xiong Wang, and Zhao Guangzong, face charges of conspiracy to commit computer intrusions and wire fraud.

These individuals are believed to be part of the hacking group called APT40, a highly skilled and sophisticated group that conducts advanced and sustained malicious online activities. The group allegedly received support from the Chinese government and is accused of carrying out cyberattacks aimed at stealing sensitive information from governments, private companies, and organizations across different sectors. Their apparent goal is to maintain ongoing access to a victim’s network.

Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division highlighted the broader context of these indictments and said, “The indictment unsealed today, together with statements from our foreign partners regarding related activity, shed further light on the PRC Ministry of State Security’s aggressive cyber espionage and transnational repression activities worldwide.”

A 14-year-long espionage campaign

The indictments accuse the defendants of spearheading a relentless campaign spanning approximately 14 years, targeting a wide array of victims, including US and foreign critics, businesses, and political officials. The APT31 Group, purportedly operating under the auspices of the PRC Ministry of State Security (MSS), allegedly conducted malicious cyber activities to further the PRC’s economic espionage and foreign intelligence objectives.

According to the DOJ, the accused and their co-conspirators used advanced hacking methods, such as zero-day exploits, to breach networks and exfiltrate confidential information. The indictment specifically mentions the dissemination of over 10,000 malicious emails camouflaged as legitimate news articles, targeting unsuspecting individuals globally. These emails carried covert tracking links that enabled surveillance and facilitated additional targeted cyberattacks.

Attack on the UK’s Electoral Commission

This indictment has prompted a strong international reaction, with the UK explicitly attributing similar cyber misconduct to China-affiliated actors. According to a statement from the UK government, the National Cyber Security Centre (NCSC) has linked a Chinese state-affiliated entity to the compromise of the UK Electoral Commission’s systems between 2021 and 2022. Furthermore, the NCSC has assessed with high confidence that in 2021, APT31, another group affiliated with China’s state apparatus, engaged in reconnaissance activities targeting UK parliamentarians.

Deputy Prime Minister of the UK, Oliver Dowden, emphasized the government’s stance, asserting, “We will continue to call out this activity, holding the Chinese government accountable for its actions.” He described these incidents as “part of a clear pattern of malicious cyber activity by Chinese state-affiliated organizations and individuals targeting democratic institutions and parliamentarians in the UK and beyond.”

Foreign Secretary Lord Cameron echoed these sentiments, deeming the targeting of democratic institutions by China-affiliated entities as “completely unacceptable.”

Highlighting the resilience of the UK’s electoral system, Home Secretary James Cleverly said, “China’s attempts at espionage did not give them the results they wanted, and our new National Security Act has made the UK an even harder target. Our upcoming elections, at local and national level, are robust and secure.”

Australia and New Zealand raise similar concerns against China

Apart from the UK and the US, New Zealand has also raised a red flag and accused the Chinese government of malicious cyber activity. The Foreign Minister, Winston Peters, confirmed that New Zealand’s concerns have been directly conveyed to the Chinese government. He said, “The Prime Minister and Minister Collins have expressed concerns about cyberattacks sponsored by the Chinese government, targeting democratic institutions in both New Zealand and the United Kingdom.”

Australia has also joined other countries in condemning China for allegedly launching cyberattacks against the UK’s democratic institutions and parliamentarians. Although Australia’s electoral systems were not affected by the cyber campaigns directed towards the UK, the persistent targeting of democratic institutions and processes has implications for democratic and open societies like Australia. A statement from the Minister of Foreign Affairs emphasized this concern.

Back in 2019, Australian intelligence reportedly concluded that China was responsible for a cyberattack on its national parliament and the three largest political parties before a general election. However, the Australian government did not officially disclose any culprit.

China has denied accusations leveled by the US and the UK. In response to these allegations, China’s Foreign Ministry Spokesperson, Lin Jian, said, “The origin-tracing of cyberattacks is highly complex and sensitive. When investigating and determining the nature of cyber cases, one needs to have adequate and objective evidence, instead of smearing other countries when facts do not exist, still less politicize cybersecurity issues.”

Lin Jian said he hopes related parties will stop spreading disinformation, take a responsible attitude, and work together to protect peace and security in cyberspace.

Coordinated Response: Financial Sanctions

In response to these developments, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the UK’s Foreign, Commonwealth, and Development Office have initiated sanctions against Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ) and two individuals linked to the company, Zhao Guangzong and Ni Gaobin.

In response to the sanctions, Lin Jian said, “China opposes unilateral and illegal sanctions and will firmly defend its lawful rights and interests.”

These unfolding events mark a significant moment in the ongoing cybersecurity standoff between the US and China, further complicating an already tense bilateral relationship fraught with trade disputes, human rights concerns, and geopolitical rivalry. As this situation progresses, it will undoubtedly attract extensive attention from global policymakers, cybersecurity professionals, and the wider international community, eager to understand the ramifications of these charges on the future of international cybersecurity and diplomacy.
