APT31 is a Chinese state-sponsored hacking group thought to have been in action for a little over a decade now, and it has finally crossed enough lines to draw sanctions from both the US and UK.
The UK government applied sanctions over two specific incidents: a 2021 attempt on the email accounts of members of Parliament, and a 2021-2022 campaign that involved theft of voter data from the Electoral Commission. The US cited 10 years of prior cyber attacks by the group, during which millions of accounts are thought to have been compromised.
Repeated cyber attacks draw sanctions for Chinese hacking outfit
During its long period of cyber espionage in the US, APT31 went after both private companies (usually to steal technology) and government agencies (for a combination of spying and uncovering information on political dissidents). The group was not afraid to target the families of government officials as a means of penetrating their accounts.
This extended to attempted election interference in at least two known cases. In 2018, cyber attacks were directed at a public opinion research firm, presumably to gain insight into election prospects. In 2020, one of the presidential campaigns (possibly the Biden campaign, based on a concurrent report of attempted cyber espionage from Google’s security team) was targeted by phishing emails.
The Department of Justice (DOJ) has now filed charges against seven Chinese nationals believed to be members of APT31, with two others sanctioned by the Treasury Department. Both the US and UK also slapped sanctions on a company called “Wuhan Xiaoruizhi Science and Technology” that is believed to be a front for the hacking group.
As is nearly always the case with reports of cyber attacks, the Chinese government has denied all responsibility and claimed that it is all part of an ongoing propaganda campaign. CISA has said that China has far more hackers devoted to cyber espionage than the FBI has available to keep up with them.
UK cyber espionage campaign netted voter records
The UK’s NCSC has said that APT31’s cyber attacks on Parliament did not result in any email accounts being compromised, but the later attack on the Electoral Commission did result in some voter roll information being stolen. This is not believed to have any impact on elections.
APT31’s cyber espionage program appeared to have a particular focus on politicians who had been critical of China, but the group also appears to be dedicated to sniffing out dissidents who may be in contact with foreign governments. Though the cyber attacks appear to have yielded relatively little useful information, the NCSC is advising all potentially impacted entities to review the updated cybersecurity guidance and prepare for further attempts.
The incident comes amidst a wave of news involving Chinese hackers compromising critical infrastructure and targeting government officials for espionage purposes. The sanctions and charges seem to be in no small part an attempt to reassure the public that election integrity remains sound, but further steps (such as broader implementation of zero trust architecture and harsher penalties for foreign cyber attacks) remain on the table.