US Treasury sanctions Chinese company and two nationals for alleged involvement in critical infrastructure cyberattacks
The move reflects escalating international concern over state-sponsored cyberthreats emanating from China.
The US Treasury Department has imposed sanctions on a company based in Wuhan, alleged to be a front for the Chinese Ministry of State Security (MSS), used in attacks against critical infrastructure in the United States.
Additionally, the Office of Foreign Assets Control (OFAC) has targeted two Chinese individuals, Zhao Guangzong and Ni Gaobin, associated with the APT31 hacking group, who operated as contractors for the Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), identified as an MSS-linked front company. These actions were taken due to their roles in attacks on US critical infrastructure, posing a threat to national security.
This move came as a collaborative effort involving the US Department of Justice, the Federal Bureau of Investigation (FBI), the Department of State, and the UK’s Foreign, Commonwealth & Development Office (FCDO).
According to the Treasury Department, Zhao Guangzong orchestrated a spear-phishing operation in 2020 targeting institutions such as the United States Naval Academy and the United States Naval War College’s China Maritime Studies Institute.
Ni Gaobin collaborated with Zhao Guangzong in several high-profile cyber activities, including the 2020 spear-phishing operation against the aforementioned institutions, during their tenure as contractors at Wuhan XRZ.
The UK also joined in imposing sanctions on Wuhan XRZ and the two individuals associated with APT31 for their involvement in targeting UK parliamentarians, breaching the GCHQ intelligence agency, and compromising the UK’s Electoral Commission systems.
Furthermore, the National Cyber Security Centre (NCSC) of the UK, a division of GCHQ, revealed that the Electoral Commission’s systems were likely compromised by a Chinese state-affiliated entity between 2021 and 2022, alongside reconnaissance activities targeting UK parliamentarians in 2021.
Simultaneously, the Justice Department unsealed indictments against Zhao Guangzong, Ni Gaobin, and five other defendants for their roles in various malicious operations orchestrated by Wuhan XRZ over approximately 14 years. These operations aimed at critical infrastructure, businesses, and politicians in the U.S., supporting China’s foreign intelligence and economic espionage goals.
Deputy Attorney General Lisa Monaco condemned the extensive hacking operation, allegedly backed by the Chinese government, which targeted thousands of victims worldwide, including journalists, political figures, and companies, to suppress dissent and steal valuable information.
In response to these actions, the State Department announced rewards of up to $10 million for information on Wuhan XRZ, APT31, or any of the seven Chinese MSS hackers.
Entities significantly owned by sanctioned individuals are subject to asset freezes, and transactions involving their assets require OFAC authorisation. Financial institutions and parties engaging with sanctioned entities risk sanctions or enforcement measures.
This comes after the US and its allies, including the European Union, the United Kingdom, and NATO, attributed the widespread Microsoft Exchange hacking campaign to MSS-linked Chinese state-backed threat groups APT40 and APT31 in July 2021. Additionally, the European Union previously imposed sanctions on Huaying Haitai and two employees associated with the Chinese-backed APT10 threat group for their involvement in the ‘Operation Cloud Hopper’ cyber-espionage campaign in July 2020.