The Biden administration on Monday announced a criminal indictment and sanctions against multiple Chinese hackers for allegedly conducting sweeping hacks against US companies and government officials on behalf of China’s civilian intelligence service.
Seven Chinese men were indicted in US federal court in the Eastern District of New York and accused of being part of a yearslong hacking effort that resulted in the “confirmed and potential compromise” of data belonging to millions of Americans, some of “which could be released in support of malign influence” targeting US democratic institutions, the indictment states.
The hackers targeted “some of America’s most vital critical infrastructure sectors,” including a defense contractor that made flight simulators for the US military, the US Treasury Department said while announcing sanctions against two of the men. The State Department announced a reward of up to $10 million for information on the seven men.
The alleged hacking effort was vast. Over the course of just a few months in 2018, the hackers sent more than 10,000 malicious emails to senior US officials (and their advisers) in the White House, Justice Department and other agencies, and to Democratic and Republican senators in more than 10 states, according to the indictment. The hackers allegedly posed as prominent US journalists as a ruse to try to get targets to click on the emails.
The US announcement came as the British government said the same broad group of Chinese hackers had “highly likely” breached the UK Electoral Commission in 2021 and 2022, and had conducted digital reconnaissance against British parliamentarians. The activity did not affect the UK electoral process or voters’ rights or registration, Britain’s foreign office said.
CNN first reported earlier Monday that the US government actions were imminent.
“Without valid evidence, the US jumped to an unwarranted conclusion and made groundless accusations against China,” Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, DC, said in a statement to CNN responding to the US announcement.
China’s Foreign Ministry earlier Monday condemned reports that the British government was preparing to link Beijing to hacking operations targeting the UK Electoral Commission and lawmakers, telling reporters that it opposes countries “politicizing” cybersecurity.
The moves come at a particularly delicate time in US-China cyber relations, weeks after FBI Director Christopher Wray issued a dire public warning that a different group of Chinese hackers was preparing “to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike.”
At a meeting in November, Chinese President Xi Jinping assured US President Joe Biden that China would not interfere in the 2024 US election — an assurance that US officials are not taking at face value, CNN previously reported.
Beijing has vigorously denied the US allegations of hacking and in turn accused the US of conducting its own hacking operations against China.
The US announcement Monday focused on alleged Chinese cyber-espionage instead of the possible disruptive cyberattacks highlighted by Wray.
US officials alleged the seven Chinese men named in the indictment have been using a Chinese technology company as a front to cover their hacking activity on behalf of China’s powerful Ministry of State Security. CNN has attempted to reach the company, known as Wuhan Xiaoruizhi Science and Technology Company, for comment.
The cybersecurity industry knows the hacking group as APT31 or Judgment Panda, and researchers have found the hackers targeting everything from US law firms to European industrial organizations to international apparel companies.
Ahead of the 2020 US election, hackers associated with the group had unsuccessfully tried to break into email accounts of people affiliated with the Biden campaign, according to Microsoft. It was not immediately clear whether any of the men expected to be named this week were allegedly involved in that activity.
Monday’s announcement isn’t the first time the Chinese government’s extensive cyber capabilities have been traced back to contractors working for front companies.
A trove of documents leaked last month from another Chinese tech firm, I-Soon, showed victims of the firm’s hacking from Tibet to Hong Kong. Clients listed in contracts with the firm included China’s police, intelligence service and military, according to the leaked data.
This story and headline have been updated with additional developments.