The Department of Justice (DoJ) announced today that it has charged seven hackers associated with the People’s Republic of China (PRC) for “malicious” cyberattacks that targeted U.S. government officials, politicians, and companies.
The alleged hackers were members of the Chinese hacking group known as Advanced Persistent Threat 31 (APT31 Group). They targeted thousands of U.S. and foreign individuals and companies – including election campaign staff from both major U.S. political parties leading up to the 2020 election – DoJ charged.
“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” Attorney General Merrick Garland said in a March 25 press release.
“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies,” Garland emphasized.
According to DoJ, the hackers sent targets more than 10,000 malicious emails, which often appeared to be from prominent news outlets or journalists and contained legitimate news articles.
While many phishing campaigns require the target to click on a link to access sensitive data, DoJ said that the defendants could get sensitive information if a target simply opened the email.
“The malicious emails contained hidden tracking links, such that if the recipient simply opened the email, information about the recipient, including the recipient’s location, internet protocol (IP) addresses, network schematics, and specific devices used to access the pertinent email accounts, was transmitted to a server controlled by the defendants and those working with them,” DoJ explained.
“The defendants and others in the APT31 Group then used this information to enable more direct and sophisticated targeted hacking, such as compromising the recipients’ home routers and other electronic devices,” it said.
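The mechanism DoJ describes is remote content that a mail client fetches when it renders a message. As an added example (not from the DoJ release or this article), the following Python lists the remote URLs an HTML email would request on open and flags those sized or styled to be invisible; the sample message, its hostnames and the heuristics are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags and attributes that make a client fetch a remote URL at render time.
AUTOLOAD = {"img": "src", "link": "href", "iframe": "src", "video": "poster"}

class RemoteLoadFinder(HTMLParser):
    """Collects remote URLs fetched on open and marks likely hidden beacons."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        url = a.get(AUTOLOAD.get(tag, ""), "")
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https"):
            return  # cid:, data: and relative references do not call out
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        hidden = "display:none" in style or "visibility:hidden" in style
        self.findings.append({
            "tag": tag,
            "host": parsed.hostname,
            "beacon": tiny or hidden,          # heuristic: invisible to the reader
            "has_query": bool(parsed.query),   # heuristic: may carry a per-recipient token
        })

def scan_message(raw: bytes):
    """Return one finding per remote auto-loading reference in the HTML parts."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    finder = RemoteLoadFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.findings

# Constructed sample message (reserved example domains, not real indicators).
SAMPLE = (b"From: news@example.com\r\nTo: staff@example.org\r\nSubject: Headlines\r\n"
          b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
          b"<html><body><p>Article text</p>"
          b'<img src="https://static.example.com/logo.png" width="200" height="50">'
          b'<img src="https://track.example.net/o.gif?id=abc123" width="1" height="1">'
          b'<img src="cid:inline1"></body></html>\r\n')

if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
```

Mail clients or gateways that block or proxy remote content keep these requests from reaching the sender's server directly.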
In addition to election campaign staff, notable targets included individuals working in the White House, at the Departments of Justice, Commerce, Treasury, and State, and members of Congress on both sides of the aisle. Oftentimes, the defendants and others in the APT31 Group also targeted victims’ spouses.
The alleged hackers targeted these individuals at both their professional and personal email addresses.
As for the U.S. companies, DoJ said the hacking group targeted “individuals and dozens of companies operating in areas of national economic importance, including the defense, information technology, telecommunications, manufacturing and trade, finance, consulting, legal, and research industries.”
According to the release, this included multiple defense contractors, managed service providers, a leading 5G network equipment provider, and a leading provider of wireless technology, among others.
“As alleged in today’s indictment, this prolific global hacking operation – backed by the PRC government – targeted journalists, political officials, and companies to repress critics of the Chinese regime, compromise government institutions, and steal trade secrets,” said Deputy Attorney General Lisa Monaco. “The Department of Justice will relentlessly pursue, expose, and hold accountable cyber criminals who would undermine democracies and threaten our national security.”