Britain's Prime Minister Rishi Sunak says 'China is behaving in an increasingly assertive way abroad'. Photo / AP
Hackers linked to the Chinese government launched a sweeping, state-backed operation that targeted US officials, journalists, corporations, pro-democracy activists and the UK’s election watchdog, American and British authorities said on Monday in announcing a set of criminal charges and sanctions.
The intention of the campaign, which officials say began in 2010, was to harass critics of the Chinese government, steal trade secrets of American corporations and to spy on and track high-level political figures. Western officials disclosed the operation, carried out by a hacking group known as APT31, while sounding a fresh, election-year alarm about a country long seen as having advanced espionage capabilities.
The US Justice Department charged seven hackers, all believed to be living in China. The British government, in a related announcement, imposed sanctions on two of the defendants in connection with a breach that may have given the Chinese access to information on tens of millions of UK voters held by the Electoral Commission.
“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” Attorney General Merrick Garland said in a statement, adding that the “case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics”.
As part of the cyberintrusion campaign, prosecutors said, the hackers sent more than 10,000 emails to targets all over the world that purported to be from prominent journalists but that actually contained malicious code. Once opened, the emails installed tracking software that allowed the hackers to know the victims’ location, IP addresses and even the devices they used to get email.
The hackers further leveraged that tracking to target home routers and other devices, “including those of high-ranking US government officials and politicians and election campaign staff from both major US political parties”, the indictment says.
Targets included officials at the White House and multiple government agencies, including the Treasury and Commerce departments, senators from both parties, the spouse of a senior Justice Department official, political strategists, and political figures from around the world who were critical of the Chinese government, including members of a pro-democracy advocacy group.
The Justice Department said the hackers also began targeting email accounts belonging to senior staffers of a presidential campaign in May 2020, several months before the general election.
Britain’s sanctions follow an announcement last August that “hostile actors” had gained access to its servers from around 2021 to 2022.
At the time, the watchdog said the data included the names and addresses of registered voters. But it said much of the information was already in the public domain.
The Foreign Office said on Monday the hack of the election registers “has not had an impact on electoral processes, has not affected the rights or access to the democratic process of any individual, nor has it affected electoral registration”.
British cybersecurity officials also said that APT31 hackers “conducted reconnaissance activity” against British parliamentarians who were critical of Beijing in 2021. They said no parliamentary accounts were successfully compromised.
Three politicians, including former Conservative Party leader Iain Duncan Smith, told reporters on Monday they have been “subjected to harassment, impersonation and attempted hacking from China for some time”. Smith said in one example, hackers impersonating him used fake email addresses to write to his contacts.
APT31 has previously been accused of targeting US presidential campaigns and the information systems of Finland’s parliament, among others.
Britain’s Deputy Prime Minister Oliver Dowden said his government will summon China’s ambassador to account for its actions.
China’s Ministry of Foreign Affairs said before the announcement that countries should base their claims on evidence rather than “smear” others without factual basis.
“Cybersecurity issues should not be politicised,” ministry spokesperson Lin Jian said. “We hope all parties will stop spreading false information, take a responsible attitude, and work together to maintain peace and security in cyberspace.”
British Prime Minister Rishi Sunak reiterated that China is “behaving in an increasingly assertive way abroad” and is “the greatest state-based threat to our economic security”.
“It’s right that we take measures to protect ourselves, which is what we are doing,” he said, without providing details.
US officials over the years have brought a broad array of criminal cases against hackers affiliated with the Chinese government. They have also expressed concern about Chinese government influence operations and the potential that Beijing could meddle in presidential politics.
A 2021 intelligence assessment found that China ultimately did not interfere on either side during the 2020 election and “considered but did not deploy” influence operations intended to affect the outcome. US officials say they believe Beijing prioritised a stable relationship with the US and did not consider either election outcome as advantageous enough for it to risk the “blowback” that would ensue if it got caught with interfering.
The Justice Department said the indictment unsealed on Monday does not alter that conclusion, noting that there’s no allegation that the hacking was designed to further a Chinese government influence operation against the US.
Even so, Assistant Attorney General Matthew Olsen, the Justice Department’s top national security official, said in a statement that, “Today’s announcements underscore the need to remain vigilant to cybersecurity threats and the potential for cyber-enabled foreign malign influence efforts, especially as we approach the 2024 election cycle.”