A band of hackers sent a yearslong barrage of malicious e-mails to U.S. politicians, government officials and private companies as part of a Chinese espionage and intelligence operation, Brooklyn federal prosecutors said.
The feds announced Monday the indictment of seven members of a Chinese state-run hacking operation, known in the cybersecurity community as Advanced Persistent Threat 31, running out of Wuhan since 2010. The indicted suspects all live in China, and have not been arrested by U.S. law enforcement agents.
The group sent tens of thousands of phishing emails to government and political officials in the U.S., as well as their family members and other contacts, usually pretending to be from prominent American journalists, according to the indictment.
The emails had links to what looked like real news articles, but opening the email would activate a tracking link, sending location, device and network data back to a server controlled by the hackers.
They’d then use that info to target home routers and electronic devices, the feds allege.
“This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyberoperations aimed at threatening the national security of the United States and our allies,” Attorney General Merrick Garland said Monday.
The targets included White House officials and their spouses, officials with the Justice, Commerce, Treasury and State departments, and senators from both parties across 10 states. The hackers also tried their email schemes on defense contractors, political strategists, commentators and advocates, according to the feds.
In May 2020, the hackers targeted staffers for a presidential campaign — the indictment wouldn’t say which campaign — and sent out tracking emails to more political campaigns that November, the feds allege.
Dissidents critical of the Chinese government and their supporters also found themselves in the hackers’ crosshairs, the feds said.
They also used custom malware and “zero-day exploits,” so named because they take advantage of security vulnerabilities before software and electronics manufacturers realize they exist to hack into the computers of a wide range of private companies, including defense contractors, telecommunications firms, law offices and a New York-based apparel company, according to the feds.
The hacks often came in response to world events, such as a 2018 U.S. tariff on imported steel, and when members of the Hong Kong democracy movement were nominated for a Nobel Peace Prize.
The defendants, Ni Gaobin, 38; Weng Ming, 37; Cheng Feng, 34; Peng Yaowen, 38; Sun XIaohui, 38; Xiong Wang, 35, and Zhao Guangzong, 38, are charged with conspiracy to commit computer intrusions and conspiracy to commit wire fraud.
