The U.S. government imposed new economic sanctions Monday on a Chinese company linked to Beijing’s Ministry of State Security spy service, accusing the firm of conducting cyberattacks against critical U.S. infrastructure, the Treasury Department announced.
In a related action, the Justice Department indicted seven Chinese state-linked hackers who were charged with targeting senior U.S. officials, including at the White House and in the Senate, along with critics of the Chinese Communist Party, in cyberattacks.
The U.S. Treasury Department’s Office of Foreign Assets Control said it had moved against a Chinese state-sponsored hacking firm identified as the Wuhan Xiaoruishi Science and Technology Co., Ltd., alleging that it operated as a front for the spy agency.
In a statement, the department described the company as, “a Wuhan, China-based Ministry of State Security (MSS) front company that has served as cover for multiple malicious cyber operations.”
Two Chinese nationals with the company, identified as Zhao Guangzong and Ni Gaobin, also were sanctioned for what Treasury said were malicious cyber operations targeting U.S. companies that control critical infrastructure. The activities were described as “directly endangering U.S. national security.”
The two sanctioned Chinese nationals also were among the seven people in China identified in a federal indictment unsealed in New York. Prosecutors there say the two were part of MSS transnational repression operations, economic espionage and foreign spying, the Justice Department said in its statement.
All the Chinese were part of a hacking group dubbed by the government as “APT31,” or Advanced Persistent Threat 31, which the U.S. government says is an MSS-linked cyber group.
The indictment charged the seven people with conspiracy to commit computer intrusions and wire fraud as part of what prosecutors say was a 14-year MSS program targeting U.S. and foreign critics, businesses and political officials.
“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” said Attorney General Merrick Garland. “This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies.”
A Chinese Embassy spokesman criticized the U.S. government action.
“Without valid evidence, the U.S. jumped to an unwarranted conclusion and made groundless accusations against China,” said Liu Pengyu, a spokesperson for the Chinese Embassy.
All seven of those named in the indictments are believed to be living in China.
The Treasury statement noted that the recent Office of the Director of National Intelligence annual threat assessment identified Chinese government hacking operations as one of the most serious national security threats.
Brian E. Nelson, Treasury undersecretary for terrorism and financial intelligence, said Monday’s moves were designed to disrupt “dangerous and irresponsible actions of malicious cyber actors, as well as protecting our citizens and our critical infrastructure,” and the the U.S. worked with the British government on the operation.
The APT 31 group is said to be a sophisticated hacking group capable of breaking into a wide range of sensitive computer networks.
“APT 31 is a collection of Chinese state-sponsored intelligence officers, contract hackers, and support staff that conduct malicious cyber operations on behalf of the Hubei State Security Department,” the Treasury statement said.
The group has targeted high-ranking U.S. government officials and their advisers, including staff members at the White House, Justice, Treasury, Commerce and State Departments, Democratic and Republican members of Congress, and the U.S. Naval War College’s China Maritime Studies Institute, authorities said.
The government said the APT 31 hackers also sought entry into networks of the most vital critical infrastructure sectors, including those at defense industry companies, information technology companies and the energy sector. Victims of the Chinese cyberattacks included a U.S. defense contractor that makes military flight simulators, a Tennessee-based aerospace and defense contractor, and an Alabama-based aerospace and defense research corporation, the Treasury Department said.
The Chinese hackers also breached the network of a Texas-based energy company, and a California-based managed service provider.
The companies were not identified by name in court papers.
The sanctions call for seizing all property and interests of the Wuhan company and two Chinese nationals in the United States and prohibiting the sanctioned entities from using the U.S. financial system. Since the Chinese probably do not have U.S. assets, the sanctions are largely symbolic.
“Today’s announcement exposes China’s continuous and brash efforts to undermine our nation’s cybersecurity and target Americans and our innovation,” said FBI Director Christopher A. Wray, vowing to “tirelessly pursue those who threaten our nation’s security and prosperity.
According to Monday’s actions, the hackers sent more than 10,000 malicious emails that appeared to be from news outlets or journalists but contained hidden tracking links that allowed the hackers to identify the target’s location, internet protocol (IP) addresses, network schematics, and specific devices used to access the pertinent email accounts. The information was then used to conduct hacking attacks.
One British group targeted by the hackers was the Inter-Parliamentary Alliance on China (IPAC), founded in 2020 on the anniversary of the 1989 Tiananmen Square massacre. Targets included all European Union members of IPAC, and 43 British parliamentary accounts, most of whom were members of IPAC or had been critics of the Chinese government.
In the United States, spouses of U.S. officials were also targeted by the hackers, including spouses of high-ranking White House officials and several U.S. senators.
Election campaign staff for both the Republican and Democratic parties were also targeted in advance of the 2020 election, the Justice Department said.