Connect with us

Hi, what are you looking for?



US Treasury Slaps Sanctions on China-Linked APT31 Hackers

The US Treasury Department sanctions a pair of Chinese hackers linked to “malicious cyber operations targeting US critical infrastructure sectors.”

China Hacks

The US government on Monday announced a fresh round of sanctions against a pair of Chinese hackers it says are responsible for “malicious cyber operations targeting U.S. entities that operate within U.S. critical infrastructure sectors.”

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) said the sanctions also extend to a Wuhan, China-based technology company serving as a front for multiple malicious cyber operations.  

In tandem, the US Department of Justice unsealed an indictment against 7 Chinese nationals — including the sanctioned Zhao Guangzong and Ni Gaobin — and announced its allies in the UK and the Commonwealth and Development Office implemented matching sanctions.

The government said the hackers are linked to APT31, a nation state-backed hacking team caught infiltrating critical infrastructure installations in Eastern Europe and breaking into routers in France.

The Department of Treasure notes that APT 31 is a collection of Chinese state-sponsored intelligence officers, contract hackers, and support staff that conduct malicious cyber operations on behalf of the Hubei State Security Department (HSSD). 

It said APT 31 has targeted a wide range of high-ranking U.S. government officials and their advisors integral to U.S. national security including staff at the White House; the Departments of Justice, Commerce, the Treasury, and State and even members of Congress.

The sanctions come as APT31 has been linked to malicious attacks against some of America’s most vital critical infrastructure sectors, including the Defense Industrial Base, information technology, and energy sectors.

“APT 31 actors have gained unauthorized access to multiple Defense Industrial Base victims, including a defense contractor that manufactured flight simulators for the U.S. military, a Tennessee-based aerospace and defense contractor, and an Alabama-based aerospace and defense research corporation,” the US government said.

Advertisement. Scroll to continue reading.

The front company, identified as Wuhan XRZ, has been used to surreptitiously carry out cyber operations that result in the surveillance of U.S. and foreign politicians, foreign policy experts, academics, journalists, and pro-democracy activists.

Related: US Slaps Sanctions on ‘Dangerous’ Iranian Hackers

Related: Calls Mount for US Clampdown on Mercenary Spyware Merchants

Related: US Treasury Sanctions Crypto Exchange in Anti-Ransomware Crackdown

Related: Lawmakers Want Ban on American VCs Funding Chinese Tech

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

More People On The Move

Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...


Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.


An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...