Article Details
Scrape Timestamp (UTC): 2024-03-25 16:11:05.588
Original Article Text
US sanctions APT31 hackers behind critical infrastructure attacks

The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks against U.S. critical infrastructure organizations.

The Office of Foreign Assets Control (OFAC) has also designated two Chinese nationals (Zhao Guangzong and Ni Gaobin) linked to the APT31 Chinese state-backed hacking group and who worked as contractors for the Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ) MSS front company for their involvement in the same attacks and "endangering U.S. national security."

This action was part of a joint effort with the U.S. Department of Justice, Federal Bureau of Investigation (FBI), Department of State, and the United Kingdom Foreign, Commonwealth & Development Office (FCDO).

The United Kingdom also sanctioned Wuhan XRZ and the two APT31 operatives for engaging "in cyber activities targeting officials, government entities, and parliamentarians in the UK and internationally."

Today, the Justice Department will unseal indictments charging Zhao Guangzong, Ni Gaobin, and five other defendants for their involvement in malicious operations coordinated by Wuhan XRZ.

"Zhao Guangzong was behind the 2020 APT 31 spear phishing operation against the United States Naval Academy and the United States Naval War College’s China Maritime Studies Institute," the Treasury Department said.

"Ni Gaobin assisted Zhao Guangzong in many of his most high profile malicious cyber activities while Zhao Guangzong was a contractor at Wuhan XRZ, including the 2020 spear phishing operation against the United States Naval Academy and United States Naval War College’s China Maritime Studies Institute."

As a result of today's sanctions, all assets and interests in the United States linked to designated individuals and entities are frozen.

Entities at least 50% owned by blocked persons are also subject to freeze, and transactions involving blocked persons' assets are prohibited unless authorized by OFAC. Financial institutions and parties that deal with sanctioned entities and individuals risk exposure to sanctions or enforcement actions.

In July 2020, the Council of the European Union also announced sanctions against Huaying Haitai, a company linked to the Chinese-backed APT10 threat group, and two of its employees, Gao Qiang and Zhang Shilong, for its involvement in the 'Operation Cloud Hopper' cyber-espionage campaign.
Daily Brief Summary
The U.S. Treasury Department has sanctioned Chinese individuals and a company linked to APT31 for attacks on U.S. critical infrastructure.
Wuhan-based Wuhan Xiaoruizhi Science and Technology Company (Wuhan XRZ), believed to be a front for China's MSS, is targeted by these sanctions.
Two Chinese nationals, Zhao Guangzong and Ni Gaobin, have been designated for their involvement in cyber-attacks endangering U.S. national security.
The coordinated action includes the Department of Justice, FBI, Department of State, and UK authorities, with the UK also imposing sanctions.
The Justice Department has unsealed indictments against seven individuals for their roles in malicious operations.
As a result of sanctions, all property and interests in the U.S. linked to the targets are frozen, and U.S. transactions with them are prohibited.
Financial institutions and entities dealing with these sanctioned individuals and entities may face sanctions or enforcement actions themselves.
This action follows similar sanctions by the European Union against individuals and a company connected to the APT10 group in July 2020.