DOJ: Chinese hackers worked under guise of Wuhan tech company to target politicians, US businesses

The Justice Department charged seven Chinese nationals with sending over 10,000 malicious emails in a massive cyber hacking campaign targeting senior-level U.S. officials and others.

The Justice Department unsealed an indictment on Monday charging seven Chinese nationals with working under the guise of a Wuhan tech company to coordinate cyber-attacks targeting politicians and American companies on behalf of the Chinese government for over a decade. 

The defendants — Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, Xiong Wang, and Zhao Guangzong — are charged in connection to China’s vast hacking operation that allegedly targeted sensitive data from U.S. elected and government officials, journalists and academics; valuable information from American companies; and political dissidents in America and abroad. The "prolific global hacking operation" was said to have involved over 10,000 malicious emails, impacting thousands of victims across multiple continents.

The announcement from the Biden administration comes as Britain’s Deputy Prime Minister Oliver Dowden said on Monday that a Chinese government-affiliated group also hacked into the United Kingdom’s electoral registry to steal the personal information of tens of millions of voters. 

"The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses," U.S. Attorney General Merrick B. Garland said in a statement. "This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies."

The U.S. Treasury Department also sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), which American authorities say is a Wuhan, China-based Ministry of State Security (MSS) front company that has served as cover for multiple malicious cyber operations.

Between June and September 2018, the seven defendants sent more than 10,000 malicious email messages to professional and personal email addresses belonging to "high-ranking U.S. government officials and their advisors, including officials involved in international policy and foreign trade issues," the indictment filed in the U.S. District Court for the Eastern District of New York says. 

"Since at least 2015, the Conspirators sent thousands of malicious tracking email messages to the personal and professional email accounts of government and political officials in the U.S. and elsewhere, including targets’ family members and contacts," the indictment alleges. "The malicious email messages generally purported to be from prominent American journalists, contained email subject headers purporting to contain legitimate news articles, and the body of the messages purported to include excerpts from news articles from news outlets, such as CNN and Vox." 

Prosecutors went on to say the messages contained an embedded hyperlink that served as a tracking link.

"If the recipient activated the tracking link by opening the email, information about the recipient, including the recipient’s location, IP addresses, network schematics and specific devices used to access the pertinent email accounts, was transmitted to a server controlled by the Conspirators," the indictment says. "The Conspirators used this method to enable more direct and sophisticated targeting of recipients’ home routers and other electronic devices, including those of high-ranking U.S. government officials and politicians and election campaign staff from both major U.S. political parties."

The targets allegedly included individuals at the White House; the Departments of Justice, Commerce, Treasury and State; members of Congress, including both Democratic and Republican U.S. senators from more than ten states; government officials in the Eastern District of New York; and the spouses of a high-ranking Department of Justice official, high-ranking White House officials and multiple U.S. senators. 

The indictment says the targets also included political strategists and commentators and political and special interest advocates, as well as U.S. government contractors, including cleared defense contractors, to obtain U.S. government information. In May 2020, the DOJ says, the defendants began targeting email accounts belonging to several senior campaign staff members for a presidential campaign. By November 2020, they allegedly sent emails containing tracking links to targets associated with additional political campaigns, including a retired senior U.S. government national security official.

"In or about March 2022, the Conspirators sent emails containing tracking links to various government officials in the U.S. Senate, the State Department and the Departments of Commerce, Labor and Transportation," the indictment says. DOJ prosecutors say the seven Chinese nationals also targeted other government officials around the world who expressed criticism of the PRC government, including members of the Inter Parliamentary Alliance on China ("IPAC"), a group founded in 2020 on the anniversary of the 1989 Tiananmen Square protests whose stated purpose was to counter the threats posed by the Chinese Communist Party to the international order and democratic principles. 

The Hubei State Security Department ("HSSD"), the provincial foreign intelligence arm of the MSS located in the city of Wuhan, first created Wuhan XRZ in 2010 to carry out its computer intrusion activities, according to the indictment. 

"A PRC government business license issued by the PRC Administration for Market Regulation described Wuhan XRZ as a company involved with research and experimental development, technology development, technology consultation and technology transfer," it says.

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) also announced it was designating Zhao Guangzong and Ni Gaobin, two of the defendants believed to be affiliated with Wuhan XRZ, "for their roles in malicious cyber operations targeting U.S. entities that operate within U.S. critical infrastructure sectors, directly endangering U.S. national security."

The U.S. Department of State announced a Rewards for Justice offer for information on the seven Chinese nationals, their organization or any associated individuals or entities, and the U.K. Foreign, Commonwealth & Development Office implemented matching sanctions.

"The United States is focused on both disrupting the dangerous and irresponsible actions of malicious cyber actors, as well as protecting our citizens and our critical infrastructure," Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said in a statement. "Through our whole-of-government approach and in close coordination with our British partners, Treasury will continue to leverage our tools to expose these networks and protect against these threats."
