US and UK accuse Chinese government of massive hacking operation against thousands of politicians, companies and dissidents


It is said to have been a year-long operation to spy on thousands of politicians, journalists, companies and critics of the Chinese government in the United States, the United Kingdom, New Zealand and possibly more countries. The hackers attacked, among other things, the British Electoral Commission, where they captured the personal and address data of approximately 40 million eligible voters. The British government announced this huge hack last year, but until now it was unclear who was behind it.

The cyber criminals sent sophisticated phishing emails to, for example, government officials and Chinese dissidents abroad. Anyone who fell for this revealed their location and IP address, which in turn provided the key for more complex hacks to gain access to sensitive communications and entire government systems. In the British case, the hackers accessed email servers and copies of electoral lists between August 2021 and October 2022. It was one of the biggest hacks in British history, but according to the government it had no influence on the elections.

Similarly, the hackers also attempted to break into the email accounts of British MPs critical of Beijing, as well as US White House staff and in some cases their associates. According to the US Department of Justice, the hacker group has successfully attacked several US companies – from telecom to defense – and Hong Kong pro-democracy activists in Hong Kong, the US and other countries. In addition, the New Zealand government holds China responsible for attacks on government systems that took place back in 2021.

Unprecedented scale

Western intelligence services and governments have been warning for some time about such forms of cyber attacks and espionage by China. Yet the revelations of the past few days have caused quite a shock, especially because they make clear the scale on which this is happening. “Today’s announcement exposes China’s continued and harebrained efforts to undermine the cybersecurity of our country and our partners,” FBI Director Christopher Wray said.


Washington and London have announced sanctions against Wuhan Xiaoruizhi Science and Technology Company Limited. They say they have evidence that this tech company is a front for a notorious hacking group called APT 31. Western intelligence services use the term Advanced Persistent Threat for hacker groups with ties to a foreign government. More than forty such groups have been identified, half of which likely operate under the Chinese state.

APT 31, also known as ‘Judgment Panda’, is directly affiliated with the Chinese Ministry of Public Security and has been operating from the city of Wuhan for fourteen years, according to the US Department of Justice. Microsoft and Google warned in 2020 that the group was targeting the personal email addresses of campaign employees of then-presidential candidate Joe Biden. The UK says APT 31 was involved in a global hack of the Microsoft Exchange mail server in 2021.

$10 million reward

The British government, which has come under criticism for its slow response, has summoned the Chinese ambassador and is also taking action against two Chinese citizens. Their assets are frozen and they are banned from entering the country. The United States has offered a reward of up to 10 million dollars (more than 9 million euros) for information about seven individuals. These people are said to have personally sent more than ten thousand such phishing emails.

New Zealand announced on Tuesday that the attacks on parliamentarians, among others, were carried out by another group called APT 40. According to US cybersecurity firm Mandiant, this group has been attacking government agencies, companies and universities operating in sectors central to China’s Belt and Road Initiative since 2009. The New Zealand government is not imposing sanctions because no sensitive information has been stolen, but it does warn of the dangers of ‘Chinese state-sponsored hacker groups’.

The serious accusations have not been well received in China and will further increase existing diplomatic tensions. The spokesperson for the Ministry of Foreign Affairs calls the evidence provided insufficient and says that the United States and the United Kingdom must stop ‘politicizing cybersecurity’. For many British MPs, the public accusation does not go far enough; they are demanding far-reaching measures from the government, such as officially labeling China as a ‘threat’.

‘Danger to our way of life’

According to FBI Chief Wray, Chinese hacks pose a major threat to national security and the Chinese cyber threat will only increase further.

“The West must realize that this is a danger to the way we live, to our belief in democracy, human rights, freedom of expression and freedom of belief,” British MP Iain Duncan Smith said on Monday.
