The US Treasury Department levied sanctions on a Chinese firm Monday, accusing it of being a front company for ‘dangerous and irresponsible’ state-sponsored hacking.
The announcement came on top of seven indictments issued by the Department of Justice accusing seven men affiliated with that company, Wuhan Xiaoruizhi Science and Technology Company Ltd. (Wuhan XRZ), of ‘malicious cyber operations.’
Wuhan XRZ’s cyberattacks, officials said, were part of a pervasive effort to sneak malware into critical American utilities, including electric grids and water supplies.
Although the presence of this software — buried within critical US infrastructure — has not yet led to an offensive cyberattack, intelligence officials believe that Beijing had installed the malicious code in an effort to thwart US efforts to defend Taiwan.
This afternoon, the US Department of State, which collaborated with the FBI and the DOJ on the hacking probe, announced a $10 million reward for ‘information on the group and the defendants’ as part of its Rewards for Justice program.
The US Treasury Department levied sanctions on a Chinese firm Monday, and the Department of Justice (DOJ) issued indictments against seven suspected hackers, accusing the firm of being a front company for ‘dangerous and irresponsible’ state-sponsored cyber warfare.
Above, photos from the DOJ indictment: (Top left to right), Ni Gaobin, Weng Ming, Cheng Feng, (bottom left to right) Peng Yaowen, Sun Xiaohui, Xiong Wang and Zhao Guangzong
In recent years, Biden Administration officials and federal law enforcement, including FBI director Christopher Wray, have devoted considerable resources to pursuing a Chinese government covert operation they have dubbed ‘Volt Typhoon.’
The moniker describes a reported Chinese hacking network that investigators said has burrowed into over 20 major nodes of US infrastructure in the past year alone.
Their successful targets, according to government officials who spoke anonymously to the Washington Post, have included a water utility in Hawaii, a major West Coast port and at least one oil and gas pipeline.
China’s cyber attacks have grown to a ‘scale greater than we’d seen before,’ FBI director Christopher Wray warned this year, amid fears that US infrastructure is under threat.
Today’s seven indicted and accused hackers linked to Wuhan XRZ, officials said, are believed to be responsible for what had been previously labelled by US law enforcement and intelligence agencies as ‘Advanced Persistent Threat 31,’ or APT31.
The seven accused APT31 hackers, Ni Gaobin, 38; Weng Ming, 37; Cheng Feng, 34; Peng Yaowen, 38; Sun Xiaohui, 38; Xiong Wang, 35; and Zhao Guangzong, 38, are also alleged to have targeted US government officials in addition to public infrastructure.
DOJ officials said that the group used ‘sophisticated’ means to hack into economic and defense companies as well, hiding code in over 10,000 so-called ‘phishing’ or ‘spear-phishing’ emails.
APT31, according to the FBI and DOJ, targeted these companies, as well as government and political officials, candidates and campaign staff, over the past 14 years.
The Director of National Intelligence warned in February of 2023 that China is already ‘almost certainly capable’ of launching cyberattacks to disable oil and gas pipelines and rail systems.
Analysts believe that China’s military has changed its strategy from intelligence-gathering to infiltration in a bid to sow chaos should war break out.
‘The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,’ Attorney General Merrick Garland said in a statement Monday.
‘This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States.’
The tandem sanctions issued by the US Treasury Dept. were part of an international effort with partners in the UK to crack down on Chinese hacking into core services.
Treasury officials described the work of malicious, state-sponsored cyber-actors as ‘one of the greatest and most persistent threats to US national security.’
Although the malicious code, buried within critical US infrastructure, has not yet led to a cyberattack, US intelligence officials believe Beijing planted it in order to thwart US efforts to defend Taiwan. Above, a still from an animated video shared by China’s military in spring of 2023, simulating how China would launch an all-out attack on Taiwan.
According to Treasury Department investigators, the alleged APT31 hackers affiliated with Wuhan XRZ have been responsible for some of China’s most malicious cyber operations — including a 2020 ‘spear-phishing’ operation targeting the US Naval Academy and the US Naval War College’s China Maritime Studies Institute.
The operation, according to court filings, came on the heels of public comments by a US State Department official in 2020, who described Chinese military actions near Taiwan in the South China Sea as ‘completely unlawful.’
In another example, the hackers are accused of targeting the Norwegian government after the Scandinavian country awarded its famed Nobel Peace Prize to activists from the Hong Kong democracy movement.
A series of reports by US intelligence agencies has argued that Chinese military strategists hope to compel the US to pivot away from Taiwan and focus on its own disaster management, directing US military and logistics towards domestic electricity, food and water concerns, in the event of a Chinese attempt to reclaim the island nation.
Taiwan’s independence and past history as part of China have been a point of tension between the United States and the Asian superpower since the dawn of the Cold War in the years after World War II.