US, UK sanction alleged China-based hackers for targeting voters, critics

The sanctions identify a company and individuals accused of collaborating with the Chinese government to launch cyberattacks.

Tim Loughton, Iain Duncan Smith, and Stewart McDonald speak at a press conference.
Members of Parliament Tim Loughton, Iain Duncan Smith and Stewart McDonald speak about cyber-espionage allegations in London on March 25 [Kirsty Wigglesworth/AP Photo]

The United States and the United Kingdom have announced sanctions against a Chinese company and two individuals after an alleged cyber-espionage operation targeted millions of people, including legislators, voters and prominent Beijing critics.

In announcing the sanctions on Monday, the US and UK traced the “malicious cyber activity” back to intelligence operations within the Chinese government.

A statement from the US Treasury Department identified the sanctioned organisation as Wuhan Xiaoruizhi Science and Technology Company Ltd. The announcement described it as a front company for the Chinese Ministry of State Security, serving as a “cover for multiple malicious cyberoperations”.

The US Treasury also named two Chinese nationals in its sanctions: Zhao Guangzong and Ni Gaobin, both of whom are affiliated with the Wuhan company. They are accused of using cyberattacks to undermine critical infrastructure sectors including defence, aerospace and energy.

Also on Monday, the US  Department of Justice charged Zhao, Ni and five other hackers with conspiracy to commit computer intrusions and wire fraud. The agency said they were part of a 14-year-long cyber operation “targeting US and foreign critics, businesses and political officials”.

The aim of the global hacking operation was to “repress critics of the Chinese regime, compromise government institutions, and steal trade secrets”, US Deputy Attorney General Lisa Monaco said in a statement.

UK authorities did not name the company or the two individuals sanctioned. However, they said the two sanctioned individuals were involved in the operations with the Chinese cyber group APT31, an abbreviation for “advanced persistent threat”. The group is also known as Zirconium or Hurricane Panda.

APT31 has previously been accused of targeting US presidential campaigns and the information systems of Finland’s parliament.

Officials also said that, in 2021, Chinese-government-affiliated hackers “conducted reconnaissance activity” against critics in the UK Parliament, but none of the accounts targeted were successfully compromised.

Three UK legislators have said they were among the targeted. They were members of the Inter-Parliamentary Alliance on China, an international group focused on curbing Beijing’s influence abroad and addressing human rights concerns.

Those targeted include former Conservative Party leader Iain Duncan Smith. He told reporters at a Monday news conference that he and his colleagues had been “subjected to harassment, impersonation and attempted hacking from China for some time”.

Meanwhile, the UK Electoral Commission said in August that it identified a breach of its system in October 2022, though “hostile actors” had been able to access its servers as far back as 2021.

The electoral watchdog said the data accessed included the names and addresses of registered voters. However, it added that much of the information was already in the public domain.

On Monday, the UK Foreign Office said the hack “has not had an impact on electoral processes, has not affected the rights or access to the democratic process of any individual, nor has it affected electoral registration”.

UK Deputy Prime Minister Oliver Dowden also announced the government will summon China’s ambassador in light of the allegations.

For its part, China’s Ministry of Foreign Affairs warned that governments should base their claims on evidence rather than “smear” others without factual basis.

“Cybersecurity issues should not be politicised,” ministry spokesperson Lin Jian said.

“We hope all parties will stop spreading false information, take a responsible attitude, and work together to maintain peace and security in cyberspace,” he added.

Source: News Agencies