
China cyber-attacks explained: who is behind the hacking operation against the US and UK?


Chinese hacking group APT 31 has been accused by UK and US officials of targeting critics of Beijing, while New Zealand’s systems have also been attacked
The US and UK have imposed sanctions on individuals and groups that they say targeted politicians, journalists and critics of Beijing in an extensive cyber espionage campaign – allegedly operated by an arm of China’s ministry of state security.
The scale of the operation was revealed on Monday, although some of the attacks have been previously reported on. On Tuesday, New Zealand blamed “state-sponsored” Chinese hackers for a 2021 cyber-attack that infiltrated sensitive government computer systems.

Who is behind the cyber-attacks?
Both the UK and US point the finger at a hacking group known within the cybersecurity community as Advanced Persistent Threat 31 (APT 31).
Western intelligence experts use the APT naming convention to identify hacking groups linked to foreign governments. According to Mandiant, an American cybersecurity firm and a subsidiary of Google, there are more than 40 APT groups, more than 20 of which are suspected to be operated by China.
APT 31, also known as Zirconium, Violet Typhoon, Judgment Panda and Altaire, is run by China’s ministry of state security from the city of Wuhan, according to the US justice department.
The group has been accused of high-profile attacks in the past: in 2020, Google and Microsoft warned that the group had targeted the personal emails of campaign staff working for Joe Biden.
The UK government says it was also linked to a hack of Microsoft Exchange email server software in 2021 that compromised tens of thousands of computers around the world.
In its announcement on Tuesday, New Zealand said that a separate Chinese state-backed group – APT 40 – was behind the attack that compromised computers linked to its parliamentary network.
According to Mandiant, APT 40 is a Chinese cyber espionage group that typically targets countries strategically important to the Belt and Road Initiative.

Who was targeted?
The US and UK allege that the hacking campaign targeted a broad swathe of private individuals as well as strategically important companies and government officials.
The UK government has outlined two “malicious cyber campaigns targeting democratic institutions and parliamentarians”.
The first campaign resulted in Beijing allegedly accessing the personal details of about 40 million voters, held by the Electoral Commission.
