APT31, identified as a Chinese cyber espionage group, has drawn the attention of both the United States and Britain: its alleged criminal activities have already resulted in charges and sanctions against associated individuals and a company said to be linked to the group's operations.
The purported perpetrators, believed to operate under the auspices of China's Ministry of State Security, are accused of orchestrating a widespread cyber espionage campaign spanning more than a decade. Their targets are highly diverse, ranging from government officials, legislators, and activists to academics, journalists, and entities such as defense contractors and a prominent U.S. smartphone manufacturer.
China has refuted these allegations, urging the U.S. and British governments to desist from politicizing cybersecurity matters, refrain from tarnishing China’s reputation, and halt unilateral sanctions and cyber attacks directed at China.
APT31, also known as Zirconium, consists of a network of Chinese state-sponsored intelligence operatives, contract hackers, and supporting personnel engaged in malicious cyber operations, according to the U.S. Treasury Department. The label Advanced Persistent Threat (APT) is typically applied to an individual or group, often with state backing, that conducts sustained malicious cyber activity against chosen targets.
Operating under the guise of Wuhan Xiaoruizhi Science and Technology Company (Wuhan XRZ), APT31 allegedly conducted its operations from at least 2010 until January 2024, according to a U.S. indictment filed in federal court in the Eastern District of New York. APT31 is not the only Chinese state-backed group to be publicly named: the New Zealand government, for example, has attributed a 2021 cyber intrusion into its parliament to another such group, known as APT40.
APT31 is accused of targeting thousands of U.S. and foreign politicians, foreign policy experts, and various individuals as part of the Chinese Ministry of State Security’s (MSS) foreign intelligence and economic espionage endeavors, according to U.S. authorities. Among the targets were individuals associated with the White House, the State Department, and even spouses of officials.
Allegedly, these cyber intrusions often coincided with geopolitical events concerning China.
The available U.S. documents suggest the conspiracy involved more than 10,000 malicious emails sent to targets across multiple continents. The objectives purportedly included stifling critics of Beijing, compromising governmental institutions, and stealing trade secrets.
In response, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Wuhan XRZ and seven Chinese individuals on March 25, including Ni Gaobin and Zhao Guangzong.
Similarly, the British government imposed sanctions on the same Wuhan-based company and on the two aforementioned individuals. British authorities allege their involvement in a 2021 email hack targeting the Inter-Parliamentary Alliance on China (IPAC) and in a cyberattack on Britain's Electoral Commission spanning 2021-2022.
Written by Vytautas Valinskas