The British government joined the Biden administration on Monday in sanctioning the hackers and company for targeting parliamentarians and U.K. electoral commission systems between 2021 and 2022. The government also summoned the Chinese ambassador to Britain, officials in London said.
The two allies are seeking to send a strong message to Beijing that malicious cyber activities that endanger national security and seek to repress dissidents abroad are unacceptable and violate international norms, U.S. and British officials said.
“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” Attorney General Merrick Garland said Monday. “This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies.”
The charges are the result of a long-running investigation, Justice Department officials said.
In London, U.K. Home Secretary James Cleverly said, “It is reprehensible that China sought to target our democratic institutions. … Targeting our elected representatives and electoral processes will never go unchallenged.”
The defendants, along with dozens of Chinese Ministry of State Security (MSS) intelligence officers, contract hackers, and support personnel, were members of a hacking group operating in China and referred to by Justice Department officials as APT 31, a group also known as Violet Typhoon and Judgment Panda.
The APT 31 group was part of a cyberespionage program run by the security ministry’s Hubei State Security Department, located in Wuhan, the Justice Department said. Since at least 2010, the defendants conducted global hacking campaigns targeting political dissidents inside and outside of China, U.S. and foreign government officials, political officials and campaign personnel in the United States and elsewhere, the Justice Department said.
The defendants and others in APT 31 also targeted thousands of American and foreign citizens and companies. Some of the efforts resulted in successful hacks of networks, email and cloud storage accounts, and telephone call records — with some surveillance of compromised email accounts lasting many years, the department said.
The hackers allegedly sent more than 10,000 malicious emails that often appeared to be from prominent news outlets or journalists containing legitimate news articles. The emails instead had hidden tracking links that when clicked on enabled the hackers to gain location data, IP addresses and other identifying information. The hackers then used this data to do more sophisticated surveillance, such as compromising targets’ home routers and other electronic devices.
Dissidents whose accounts were hacked included pro-democracy activists in Hong Kong and their associates in the United States and other countries. In 2018, after several Hong Kong pro-democracy activists were nominated for the Nobel Peace Prize, which is awarded by a Norwegian committee, government officials in Oslo were targeted, the Justice Department said.
In the United States, targets included officials working at the White House, Justice, Commerce, Treasury and State departments — along with senators and representatives from both major political parties. Sometimes family members were targeted: including the spouse of a high-ranking Justice official, senior White House officials and multiple U.S. senators, according to the Justice Department statement. Election campaign staff from both parties were targeted in advance of the 2020 election.
The defendants are Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, Xiong Wang and Zhao Guangzong. All are believed to be in China. The Treasury Department sanctioned Zhao, Ni and the Wuhan Xiaoruizhi Science and Technology Company.