The US and UK have accused China-backed hackers of a long-running cyber campaign targeting politicians, journalists, and businesses with the aim of stealing information and suppressing critical pundits.
On Monday, the US Department of Justice (DOJ) announced seven nationals from the People’s Republic of China (PRC) were charged for their involvement in a PRC-based group which allegedly targeted those critical of the PRC over a span of about 14 years.
Identified in cyber security circles as APT31, the hacking group is widely suspected of operating under orders from the Chinese government, and has been known to exploit app vulnerabilities and use spear-phishing techniques to target high-profile assets in government, finance and defence.
The DOJ notes the group’s campaign targeted victims under the guise of prominent news outlets, sending malicious emails embedded with hidden tracking links which collected data on recipient locations, IP addresses, and device types.
From there, the group reportedly used this information to conduct more sophisticated, targeted hacks – such as compromising the victims’ home routers and other devices.
The seven defendants – whose alleged cyber campaign aimed to further the PRC’s “economic espionage and foreign intelligence objectives” – were charged with conspiracy to commit computer intrusions and conspiracy to commit wire fraud.
Deputy attorney general Lisa Monaco said the years-long campaign involved “over 10,000 malicious emails” impacting thousands of victims across multiple continents.
Monaco added the campaign allegedly targeted journalists, political officials, and companies to “repress critics of the Chinese regime”, infiltrate government organisations, and steal sensitive trade secrets.
“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” said US attorney general Merrick Garland.
“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies.”
Millions of UK voters targeted
Meanwhile, the UK National Cyber Security Centre (NCSC) says APT31 was “almost certainly” responsible for targeting the emails of UK parliamentarians in 2021 – most of whom have been “prominent in calling out the malign activity of China”.
Another attack which hit systems at the UK Electoral Commission between 2021 and 2022 was also attributed to a China state-affiliated threat actor, with the NCSC assessing it is “highly likely” both email and Electoral Register data were accessed.
While commission chair John Pullinger said the data accessed “does not impact how people register, vote or participate” in the country’s democratic processes, the group is accused of accessing the names and addresses of millions of voters in the UK.
“The data, in combination with other data sources, would highly likely be used by the Chinese intelligence services for a range of purposes, including large-scale espionage and transnational repression of perceived dissidents and critics in the UK,” said the NCSC.
The UK government has issued sanctions against a front company and two individuals linked to APT31, and has further called on the Chinese government to “demonstrate its credibility as a responsible cyber actor.”
China refutes allegations, NZ weighs in
According to the BBC, China’s foreign ministry spokesperson Lin Jian denied the UK and US allegations, accusing the Western nations of “political manipulation”.
“We urge the US and UK to stop politicising cyber security issues,” said Jian.
“Stop smearing China and stop imposing unilateral sanctions on China.”
Jian added the evidence backing the UK’s electoral-related allegations was “inadequate”, stating the “Chinese side” had given technical clarifications to the “UK side” and made clear the evidence was insufficient – though UK officials allegedly failed to respond.
Jian also told reporters China will adopt measures to safeguard its lawful rights and interests.
Meanwhile, the New Zealand government has also revealed itself as a victim of China-backed attacks.
Attorney general Judith Collins announced another PRC-linked group has been identified as responsible for the 2021 compromise of New Zealand’s Parliamentary Counsel Office – which drafts and publishes legislation – as well as the country’s Parliamentary Service.
Collins said the networks of the two agencies contain “important information” which “enables the effective operation” of government, before stating New Zealand stands with the UK in its condemnation of the PRC’s cyber campaign.
“The use of cyber-enabled espionage operations to interfere with democratic institutions and processes anywhere is unacceptable,” said Collins.
The Albanese government has also echoed condemnation of the alleged cyber campaign, but gave assurances that Australia’s own electoral systems had not been compromised.