U.S. Sanctions and Indicts Wuhan-Based Hackers for Targeting Critical American Infrastructure

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned a Chinese company for using hacks to target critical American infrastructure.

On Monday, the United States sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited, a Ministry of State Security front company based in Wuhan, China, that has served as cover for multiple malicious cyber operations.

The Department of Justice also unsealed indictments of Zhao Guangzong and Ni Gaobin, two Chinese nationals affiliated with Wuhan XRZ, and five others, for their roles in “malicious cyber operations targeting U.S. entities that operate within U.S. critical infrastructure sectors, directly endangering U.S. national security,” the Treasury Department said in a press release.

The Justice Department alleged that the defendants “conducted global campaigns of computer hacking targeting political dissidents and perceived supporters located inside and outside of China, government and political officials, candidates and campaign personnel in the United States and elsewhere and American companies.”

To do this, the DOJ says, the defendants sent more than 10,000 malicious emails to targets that often “appeared to be from prominent news outlets or journalists and appeared to contain legitimate news articles.”

“The malicious emails contained hidden tracking links, such that if the recipient simply opened the email, information about the recipient, including the recipient’s location, internet protocol (IP) addresses, network schematics and specific devices used to access the pertinent email accounts, was transmitted to a server controlled by the defendants and those working with them. The defendants and others in the APT31 Group then used this information to enable more direct and sophisticated targeted hacking, such as compromising the recipients’ home routers and other electronic devices.”

“The targeted U.S. government officials included individuals working in the White House, at the Departments of Justice, Commerce, Treasury and State, and U.S. Senators and Representatives of both political parties. The defendants and others in the APT31 Group targeted these individuals at both professional and personal email addresses. Additionally in some cases, the defendants also targeted victims’ spouses, including the spouses of a high-ranking Department of Justice official, high-ranking White House officials and multiple United States Senators. Targets also included election campaign staff from both major U.S. political parties in advance of the 2020 election.”
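The “hidden tracking links” the DOJ describes fire when a mail client renders remote content, so one defensive check is to scan an HTML message body for remote resources that are sized or styled to be invisible. The scanner below is an added example, not code from the article or the DOJ release; the message body and the hostnames `news.example` and `track.example` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose attribute causes a fetch (and thus an IP/client leak) when the
# client auto-loads remote content.
REMOTE_ATTRS = {"img": "src", "link": "href", "iframe": "src", "video": "poster"}


def _dim(value):
    """Parse a width/height attribute; absent or non-numeric counts as large."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else 10**6


class BeaconFinder(HTMLParser):
    """Collect remote resources in a mail body and flag the ones that look hidden."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_name = REMOTE_ATTRS.get(tag)
        if attr_name is None:
            return
        a = dict(attrs)
        url = a.get(attr_name) or ""
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https"):
            return  # cid:/data: content is embedded and does not phone home
        style = (a.get("style") or "").replace(" ", "").lower()
        tiny = all(_dim(a.get(d)) <= 1 for d in ("width", "height"))
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or re.search(r"(?:^|;)(width|height):[01](px)?(?:;|$)", style) is not None)
        self.findings.append({"tag": tag, "host": parsed.hostname, "url": url,
                              "beacon_like": tiny or hidden})


def find_beacons(html):
    """Return every remote resource in the body, each marked beacon_like or not."""
    parser = BeaconFinder()
    parser.feed(html)
    return parser.findings


def beacon_hosts(html):
    """Sorted hosts that would be contacted by hidden elements alone."""
    return sorted({f["host"] for f in find_beacons(html) if f["beacon_like"]})


# Constructed sample: a "news article" mail with a visible logo and a hidden pixel.
SAMPLE_MAIL = """<html><body>
<p>Read our latest analysis: <a href="https://news.example/story">Story</a></p>
<img src="https://news.example/logo.png" width="200" height="60" alt="logo">
<img src="https://track.example/open?id=abc123" width="1" height="1" style="display:none">
<img src="cid:embedded-chart" width="1" height="1">
</body></html>"""
```

Mail gateways and clients that block remote content by default close the leak entirely; the scanner is useful for triage, since a remote image with non-hidden dimensions (the logo above) is reported but not flagged.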

Attorney General Merrick B. Garland said in a statement, “The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses.”

“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies,” Garland continued.

“The United States is focused on both disrupting the dangerous and irresponsible actions of malicious cyber actors, as well as protecting our citizens and our critical infrastructure,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson.

Nelson added, “Through our whole-of-government approach and in close coordination with our British partners, Treasury will continue to leverage our tools to expose these networks and protect against these threats.”
