Feds charge Chinese hackers in plot targeting U.S. politicians, national security, journalists

Hackers tied to the Chinese government targeted high-ranking U.S. politicians, businesses and critics in a years-long scheme to attack critical pieces of America's infrastructure, federal prosecutors said Monday in an indictment of seven foreign nationals.

White House officials, U.S. senators, defense contractors, journalists and technology companies were among thousands targeted in the cyber operation, the Justice Department said.

The United Kingdom also announced sanctions on Monday against a state-sponsored company, which it alleged was involved in an attack on parliamentarians’ emails in 2021.

“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies,” said Attorney General Merrick Garland.

Monday’s announcement comes two months after Federal Bureau of Investigation Director Christopher Wray warned Congress that Chinese hackers were preparing to “wreak havoc” on American infrastructure such as the electric grid and transportation systems.

U.S. announces sanctions against Chinese company

The Department of Treasury announced sanctions against Wuhan Xiaoruizhi Science and Technology Co., Ltd., a front company that China’s Hubei State Security Department used as a cover for cyberattacks by a hacking group known as “Advanced Persistent Threat 31,” or APT31, according to federal prosecutors.

"The more than 10,000 malicious emails that the defendants and others in the APT31 Group sent to . . . targets often appeared to be from prominent news outlets or journalists and appeared to contain legitimate news articles," prosecutors said in a statement.

The malicious emails contained hidden tracking links, such that if the recipient simply opened the email, information about the person or agency - including location, internet protocol (IP) addresses and network and router information - was transmitted to a server controlled by the hackers, prosecutors said.

Two of the seven people charged in the federal indictment were also sanctioned. Zhao Guangzong and Ni Gaobin were behind high-profile malicious cyber-attacks, the Treasury Department alleged, including the 2020 spear phishing operation against the U.S. Naval Academy and the U.S. Naval War College’s China Maritime Studies Institute. 

APT31 also targeted critics of the Chinese government, the indictment said. In 2019, the hackers allegedly targeted Hong Kong pro-democracy activists in the U.S. and abroad, along with legislators, activists and journalists associated with Hong Kong’s democracy movement.

Chinese Embassy spokesperson Liu Pengyu told USA TODAY that China "firmly opposes and cracks down on all forms of cyberattacks in accordance with law."

"Without valid evidence, the US jumped to an unwarranted conclusion, made groundless accusations and opposed illegal and unilateral sanctions against China, which is extremely irresponsible. China firmly opposes this and will firmly safeguard its lawful rights and interests," Pengyu said.

Hacking group tied to wide span of attacks

The seven people charged in the indictment, along with dozens of others, were part of APT31 and operated on behalf of China’s Hubei State Security Department, federal prosecutors said. All of the defendants are believed to be living in China, according to the Justice Department.

Since 2010, the cyberattack group allegedly attempted to compromise email accounts, cloud storage accounts and phone call logs belonging to millions of Americans, the indictment said, including some information that could have targeted “democratic processes and institutions" if released. Surveillance on some compromised email accounts allegedly lasted several years.

Since 2015, APT31 allegedly sent more than 10,000 emails that appeared to be from news outlets or journalists with domains such as @dailytrainnews.com or @nynewsweek.com. Among the recipients were officials at the White House, Departments of Justice, Commerce, Treasury and State, Congress members of more than ten states, government contractors and political strategists, indictment said.

The group targeted a wide breadth of people and companies in its cyber-attacks, including campaign staff members for a presidential campaign in 2020, critics in the U.S. and abroad of the Chinese government, and U.S.-based companies across several industries, including defense, finance, telecommunications, engineering and research, according to court documents.

“These allegations pull back the curtain on China’s vast illegal hacking operation that targeted sensitive data from U.S. elected and government officials, journalists and academics; valuable information from American companies; and political dissidents in America and abroad," said U.S. Attorney Breon Peace.