US & UK Target Chinese Hackers

Treasury’s Office of Foreign Assets Control (OFAC) sanctioned a Chinese company responsible for a wide range of "malicious cyber operations" targeting high-ranking U.S. government officials including staff at the White House; the Departments of Justice, Commerce, the Treasury, and State; members of Congress, including both Democrat and Republican Senators; the United States Naval Academy; and the United States Naval War College’s China Maritime Studies Institute.

The organization also is responsible for cyber attacks on multiple Defense Industrial Base victims, including a defense contractor that manufactured flight simulators for the U.S. military, a Tennessee-based aerospace and defense contractor, and an Alabama-based aerospace and defense research corporation. Additionally, APT 31 actors gained unauthorized access to a Texas-based energy company, as well as a California-based managed service provider.

Included in the action is Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a Wuhan, China-based Ministry of State Security (MSS) front company that has served as cover for multiple malicious cyber operations, as well as seven Chinese nationals affiliated with Wuhan XRZ, for their roles in malicious cyber operations "targeting U.S. entities that operate within U.S. critical infrastructure sectors, directly endangering U.S. national security."

This action is part of a collaborative effort with the U.S. Department of Justice, Federal Bureau of Investigation (FBI), Department of State, and the United Kingdom Foreign, Commonwealth & Development Office (FCDO).

People’s Republic of China (PRC) state-sponsored malicious cyber actors continue to be one of the greatest and most persistent threats to U.S. national security, as highlighted in the most recent Office of the Director of National Intelligence Annual Threat Assessment.

Today, the Department of Justice unsealed indictments of Zhao Guangzong, Ni Gaobin, and five other defendants; the U.S. Department of State announced a Rewards for Justice offer for information on these individuals, their organization, or any associated individuals or entities; and the UK Foreign, Commonwealth & Development Office implemented matching sanctions.

APT 31: A CHINESE MALICIOUS CYBER GROUP

An Advanced Persistent Threat (APT) is a sophisticated cyber actor or group with the capability to conduct advanced and sustained malicious cyber activity, often with the goal of maintaining ongoing access to a victim’s network. Information security researchers will categorize and name certain APTs based on observed patterns such as the location of the perpetrators, the types of victims targeted, and the techniques used in the malicious cyber activity.

APT 31 is a collection of Chinese state-sponsored intelligence officers, contract hackers, and support staff that conduct malicious cyber operations on behalf of the Hubei State Security Department (HSSD).

APT 31 has targeted a wide range of high-ranking U.S. government officials and their advisors integral to U.S. national security including staff at the White House; the Departments of Justice, Commerce, the Treasury, and State; members of Congress, including both Democrat and Republican Senators; the United States Naval Academy; and the United States Naval War College’s China Maritime Studies Institute.

APT 31 has targeted victims in some of America’s most vital critical infrastructure sectors, including the Defense Industrial Base, information technology, and energy sectors.

Further information is available [here]
