
US Treasury Slaps Sanctions on China-Linked APT31 Hackers

The US Treasury Department sanctions a pair of Chinese hackers linked to “malicious cyber operations targeting US critical infrastructure sectors.”

The US government on Monday announced a fresh round of sanctions against a pair of Chinese hackers it says are responsible for “malicious cyber operations targeting U.S. entities that operate within U.S. critical infrastructure sectors.”

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) said the sanctions also extend to a Wuhan, China-based technology company serving as a front for multiple malicious cyber operations.  

In tandem, the US Department of Justice unsealed an indictment against 7 Chinese nationals, including the sanctioned Zhao Guangzong and Ni Gaobin, and announced that its allies in the UK and the Commonwealth and Development Office implemented matching sanctions.

The government said the hackers are linked to APT31, a nation state-backed hacking team caught infiltrating critical infrastructure installations in Eastern Europe and breaking into routers in France.

The Department of the Treasury notes that APT 31 is a collection of Chinese state-sponsored intelligence officers, contract hackers, and support staff that conduct malicious cyber operations on behalf of the Hubei State Security Department (HSSD).

It said APT 31 has targeted a wide range of high-ranking U.S. government officials and their advisors integral to U.S. national security, including staff at the White House; the Departments of Justice, Commerce, the Treasury, and State; and even members of Congress.

The sanctions come as APT31 has been linked to malicious attacks against some of America’s most vital critical infrastructure sectors, including the Defense Industrial Base, information technology, and energy sectors.

“APT 31 actors have gained unauthorized access to multiple Defense Industrial Base victims, including a defense contractor that manufactured flight simulators for the U.S. military, a Tennessee-based aerospace and defense contractor, and an Alabama-based aerospace and defense research corporation,” the US government said.

The front company, identified as Wuhan XRZ, has been used to surreptitiously carry out cyber operations that result in the surveillance of U.S. and foreign politicians, foreign policy experts, academics, journalists, and pro-democracy activists.


Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
