US, UK Sanction Chinese Company, People for Cyberattacks
The U.S. and the U.K. this week sanctioned a Chinese company and two people for carrying out cyberattacks against American and British entities and critical infrastructure sectors.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
The designations target Wuhan Xiaoruizhi Science and Technology Company, Limited, which the Office of Foreign Assets Control said is a front company for China’s Ministry of State Security and has acted as a “cover for multiple malicious cyber operations.” OFAC and the U.K.’s Office of Financial Sanctions Implementation also sanctioned Chinese nationals Zhao Guangzong, who has worked as a contractor for the company to carry out “numerous malicious cyber operations against U.S. victims,” and Ni Gaobin, who has helped with those cyberattacks. OFAC said the attacks included a 2020 email phishing operation against the U.S. Naval Academy and U.S. Naval War College’s China Maritime Studies Institute.
OFAC said the people and companies have ties to a broader Advanced Persistent Threat group, or APT group, in China that conducts “advanced and sustained malicious cyber activity, often with the goal of maintaining ongoing access to a victim’s network.” The agency said it’s using the term APT 31 to refer to a collection of Chinese state-sponsored intelligence officers, contract hackers and support staff, including Wuhan Xiaoruizhi Science and Technology Company, that carry out “malicious cyber operations” on behalf of China’s Hubei State Security Department.
The U.K.’s Foreign, Commonwealth & Development Office said APT 31 “conducted reconnaissance activity” against British parliament members in 2021 and attacked the U.K. Electoral Commission in 2021 and 2022. “The majority of those targeted were prominent in calling out the malign activity of China,” the FCDO said. “No parliamentary accounts were successfully compromised.”
The FDCO said the attacks are “the latest in a clear pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians in the UK and beyond.”
The sanctions were unveiled the same day DOJ charged Ni Gaobin and Zhao Guangzong with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in the China-based hacking group. The agency also charged Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui and Xiong Wang, who also have ties to APT 31.