US alleges massive Chinese state-backed hacking program

7 Chinese have been charged with hacking offenses tied to China’s Ministry of State Security.
By Alex Willemyns for RFA
2024.03.25
Washington
US alleges massive Chinese state-backed hacking program Seven suspects are charged with conspiracy to commit computer intrusions and conspiracy to commit wire fraud. They are, from top left, Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen. From left, second row, Sun Xiaohui, Xiong Wang, and Zhao Guangzong.
Provided by the United States District Court, Eastern District of New York

U.S. Attorney-General Merrick Garland on Monday accused the Chinese government of an effort “to intimidate Americans” and silence dissidents abroad by using a massive state-run hacking program.

The Chinese Embassy denied the claims as “groundless” and said they were part of an ongoing smear campaign by the United States.

Garland’s comment came as the U.S. Justice Department unsealed charges against seven Chinese nationals it says are part of a hacking program run by China’s Ministry of State Security, or MSS, and has targeted the White House, Congress and critics of Beijing.

“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” Garland said after the charges were announced.

“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics,” he said.

A Justice Department statement named the seven accused as Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, Xiong Wang and Zhao Guangzong. It said they were charged with conspiracy to commit computer intrusions and conspiracy to commit wire fraud.

Their “vast illegal hacking operation” was aimed at both “economic espionage and foreign intelligence objectives” and targeted American private companies, journalists, elected officials, academics and Chinese dissidents living in the United States, it said.

Matthew Olsen, assistant U.S. attorney general in charge of national security matters, said that the seven indictments helped to “shed further light” on the “Ministry of State Security’s aggressive cyber espionage and transnational repression activities worldwide.”

ENG_CHN_HackingSanctions_03252024.2.JPG
Assistant Attorney General Justice Department's National Security Division Matthew Olsen speaks at a news conference, March 4, 2024, in Boston. (Steven Senne/AP)

The U.S. State Department said it was offering rewards for any information leading to the arrest of the seven accused hackers. The U.S. Treasury, meanwhile, issued a spate of related sanctions against hackers it said were also tied to the Ministry of State Security.

Hacking program

Known to cyber security experts as Advanced Persistent Threat 31, or APT31, the group was allegedly “part of a cyberespionage program run by the MSS’s Hubei State Security Department” in Wuhan.

The alleged hackers stand accused of both “testing and exploiting” the malware used to target people in the United States and of “conducting surveillance and intrusions” against specific people and companies.

Targeted American officials “included individuals working in the White House, at the Departments of Justice, Commerce, Treasury and State, and U.S. Senators and Representatives of both political parties.” Other prominent targets included Hong Kong pro-democracy activists, a defense contractor and an American opinion polling company.

The hackers sent out more than 10,000 emails since 2010, the Justice Department said, which had at times “resulted in successful compromises of the targets’ networks, email accounts, cloud storage accounts, and telephone call records” that lasted for years.

The emails “often appeared to be from prominent news outlets or journalists and appeared to contain legitimate news articles,” it said. 

However, they in fact “contained hidden tracking links, such that if the recipient simply opened the email, information about the recipient” was sent back to servers in China, including about their other devices.

They then “used this information to enable more direct and sophisticated targeted hacking” of their targets, including taking control of their home internet routers and devices, it said, enabling them often unfettered access to the professional and personal information.

The hackers typically used “zero-day” exploits, which refers to how long security vulnerabilities have been known to the wider community – meaning, essentially, that the holes had yet to be discovered.

Chinese denial

The charges follow FBI Director Christopher Wray’s recent warning that Chinese state-backed hackers were waiting to “wreak havoc” on critical infrastructure in the United States if ordered to do so by Beijing.

Chinese officials have denied those claims. On Monday, they continued to paint the accusations as being part of a smear campaign.

Liu Pengyu, the spokesperson for the Chinese Embassy in Washington, told Radio Free Asia that China is in fact “a major victim” of cyberattacks and accused the United States of being “the origin and the biggest perpetrator of cyberattacks” worldwide.

He in turn accused American state-backed hackers of targeting Chinese critical infrastructure, a claim U.S. officials have denied.

“China firmly opposes and cracks down on all forms of cyberattacks in accordance with law,” Liu said, calling on U.S. officials to “stop smearing other countries under the excuse of cyber security.”

“Without valid evidence, the U.S. jumped to an unwarranted conclusion and made groundless accusations against China,” he added. “It is extremely irresponsible and is a complete distortion of facts.”

But the denials are unlikely to sway officials in Washington.

The U.S. Treasury Department on Monday said it had also issued sanctions against the Wuhan Xiaoruizhi Science and Technology Company, which it called “a front company” of the Ministry of State Security responsible for “multiple malicious cyber operations.”

A statement from the Treasury Department said that more Chinese nationals – Zhao Guangzong and Ni Gaobin – were sanctioned for their role in the “front company,” which it said specifically targeted critical infrastructure companies and was linked to APT31.

ENG_CHN_HackingSanctions_03252024.3.JPG
The provincial offices of the Ministry of State Security and Ministry of Public Security located in Hubei Province. (Vmenkov via Wikimedia)

Zhao and Ni are specifically accused of targeting the U.S. Naval Academy and the U.S. Naval War College’s China Maritime Studies Institute in a “spear-phishing” attack that took place in 2010. 

The sanctions ban American citizens and companies from doing business with those targeted, including providing any banking and financial services, and bans those targeted from U.S. soil.

Similar sanctions were also issued by the United Kingdom, with British Foreign Secretary David Cameron calling the alleged hacking program “completely unacceptable” and a threat to freedoms worldwide.

“One of the reasons that it is important to make this statement is that other countries should see the detail of threats that our systems and democracies face,” Cameron said, adding that he had already raised his concerns directly with Chinese Foreign Minister Wang Yi.

Edited by Malcolm Foster

POST A COMMENT

Add your comment by filling out the form below in plain text. Comments are approved by a moderator and can be edited in accordance with RFAs Terms of Use. Comments will not appear in real time. RFA is not responsible for the content of the postings. Please, be respectful of others' point of view and stick to the facts.