US and UK sanction alleged Chinese cyber espionage entities
What's the story
The US and the UK have taken punitive measures against Chinese individuals and groups, believed to be behind a widespread cyber espionage campaign that targeted politicians, journalists, and critics of Beijing.
The operation, reportedly linked to a branch of China's state security ministry, was disclosed on Monday.
According to the US and UK governments, the hacking campaign aimed at private individuals, companies of strategic importance, and government officials.
Scenario
US and UK attribute cyber attacks to APT 31
The cybercrime group, Advanced Persistent Threat 31 (APT 31), believed to be connected to China's state security ministry in Wuhan, has been named by both the US and UK as the offender.
APT 31, which goes by various aliases including Zirconium, Violet Typhoon, Judgment Panda, and Altaire, has been implicated in several high-profile attacks in the past.
In 2020, tech giants Google and Microsoft alerted that this group had targeted personal emails of staff members working on Joe Biden's campaign.
Information
Over 20 APTs are suspected to be operated by China
Western intelligence specialists employ the APT nomenclature to pinpoint cyberattack factions associated with foreign administrations. Mandiant, a cybersecurity company under Google's umbrella, reports over 40 APT collectives, with over 20 allegedly under Chinese operation.
Insights
The UK government outlined two malicious cyber campaigns
The UK government has detailed two "malicious cyber campaigns" that targeted democratic institutions and lawmakers.
The first campaign reportedly allowed Beijing to access the personal data of approximately 40 million voters held by the Electoral Commission between late 2021 and October 2022.
The second campaign was aimed at UK lawmakers who are outspoken critics of China.
UK intelligence say that it's "highly likely" that APT 31 conducted "reconnaissance activity against UK parliamentarians." However, none of their accounts were breached.
Facts
US Justice Department details global hacking campaign
In its statement on Monday, the US Department of Justice detailed a worldwide campaign that spanned 14 years, targeting political dissidents, critics of China, US government officials, political candidates, and American companies.
The department verified that some of the activities successfully breached "email accounts, cloud storage accounts, and telephone call records."
The US alleges that in 2021, APT 31 targeted the email accounts of foreign government officials who were part of the Inter-Parliamentary Alliance on China (IPAC).
Findings
APT 31's phishing techniques and targets
Both the UK and US governments claim that APT 31 employed phishing techniques to gain access to sensitive information.
US Deputy Attorney General Lisa Monaco stated that over 10,000 emails were sent as part of this campaign.
These emails contained concealed tracking links that relayed information like the recipient's location, device details, and IP address to a server controlled by the hackers.
The operation's main objective was to "silence critics of Chinese regime, compromise government institutions and pilfer trade secrets."
Goal
What objectives were the hackers pursuing?
The US says APT 31 focused on "numerous companies operating in sectors of vital national economic significance," which encompassed entities in defense, telecommunications, and manufacturing.
These actions led to "confirmed...compromise of economic strategies, intellectual property, and trade secrets."
Furthermore, individuals related to high-ranking White House officials, US senators, and campaign personnel from major US political parties, were targeted.
Others
New Zealand pins parliamentary network attack on APT 40
Separately, New Zealand has also traced a 2021 cyber breach of its sensitive government computer systems, back to Chinese hackers allegedly sponsored by the state.
New Zealand has pointed the finger at Chinese state-backed group, APT 40, for the breach of its parliamentary network.
Cybersecurity firm Mandiant identifies APT 40 as a Chinese cyber espionage entity.
This group is primarily known for targeting nations that hold strategic importance to China's Belt and Road Initiative.