DOJ Indicts Chinese Nationals Belonging to Chinese State-Backed Hacking Group APT31

Several alleged members of the APT31, a Chinese hacking group involved in criminal cyber activities for the past 14 years, have been indicted for computer intrusions and conspiracy to commit wire fraud, the US Department of Justice has announced.

Hacking groups such as APT31 are government-backed cyber espionage actors that usually seek information. It’s not the type of group that would look to encrypt systems and ask for ransom, although other state-backed groups have been known to get involved in this kind of criminal activity.

According to the DOJ, the group has been active for 14 years, and they are responsible for countless attacks spanning the globe.

“The APT31 Group was part of a cyberespionage program run by the MSS’s Hubei State Security Department, located in the city of Wuhan,” explained the DOJ in a press release.

“Through their involvement with the APT31 Group, since at least 2010, the defendants conducted global campaigns of computer hacking targeting political dissidents and perceived supporters located inside and outside of China, government and political officials, candidates, and campaign personnel in the United States and elsewhere and American companies.”

Their methods varied depending on the target, but they usually sent malicious emails, over 10,000 since at least 2010, that contained hidden tracking links. In this way, the attackers could check whether the recipient opened the email, what IP they had, what kind of network was in place, and more.

After they gathered this information, they would deploy advanced attacks, compromising home routers and other devices.

“To gain and maintain access to the victim computer networks, the defendants and others in the APT31 Group employed sophisticated hacking techniques including zero-day exploits, which are exploits that the hackers became aware of before the manufacturer, or the victim were able to patch or fix the vulnerability,” the DOJ explained.

The group’s targets included people in the White House, the DOJ, Commerce, Treasury, and State, and U.S. Senators and Representatives of both major political parties. They also went after numerous companies operating in defense, information technology, telecommunications, manufacturing and trade, finance, consulting, legal, and research industries.

The indictments are more of a statement, as all defendants are believed to reside in the PRC.