WASHINGTON (AP) 鈥 Hackers linked to the Chinese government launched a sweeping, state-backed operation that targeted U.S. officials, journalists, corporations, pro-democracy activists and the U.K.'s election watchdog, American and British authorities said Monday in announcing a set of criminal charges and sanctions.
The intention of the campaign, which officials say began in 2010, was to harass critics of the Chinese government, steal trade secrets of American corporations and to spy on and track high-level political figures. Western officials disclosed the operation, carried out by a hacking group known as APT31, while sounding a fresh, election-year alarm about a country long seen as having advanced espionage capabilities.
The U.S. Justice Department charged seven hackers, all believed to be living in China. The British government, in a related announcement, imposed sanctions on a front company and two of the defendants in connection with a breach that may have given the Chinese access to information on tens of millions of U.K. voters held by the Electoral Commission.
鈥淭he Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,鈥 Attorney General Merrick Garland said in a statement, adding that the 鈥渃ase serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics.鈥
As part of the cyber-intrusion campaign, prosecutors said, the hackers sent more than 10,000 emails to targets all over the world that purported to be from prominent journalists but that actually contained malicious code. Once opened, the emails installed tracking software that allowed the hackers to know the victims鈥 location, IP addresses and even the devices they used to get email.
The hackers further leveraged that tracking to target home routers and other devices, 鈥渋ncluding those of high-ranking U.S. government officials and politicians and election campaign staff from both major U.S. political parties,鈥 the indictment says.
Targets included officials at the White House and multiple government agencies, including the Treasury and Commerce departments, senators from both parties, the spouse of a senior Justice Department official, political strategists, and political figures from around the world who were critical of the Chinese government, including members of a pro-democracy advocacy group.
The Justice Department said the hackers also began targeting email accounts belonging to senior staffers of a presidential campaign in May 2020, several months before the general election.
Also, the cybersecurity firm Proofpoint , the hackers heavily focused their phishing on Washington-based journalists, including White House correspondents, just prior to the Jan. 6, 2021, attack on the Capitol.
Britain's sanctions follow an announcement that 鈥渉ostile actors鈥 had gained access to its servers from around 2021 to 2022.
At the time, the watchdog said the data included the names and addresses of registered voters. But it said much of the information was already in the public domain.
The Foreign Office said Monday the hack of the election registers 鈥渉as not had an impact on electoral processes, has not affected the rights or access to the democratic process of any individual, nor has it affected electoral registration.鈥
British cybersecurity officials also said that APT31 hackers 鈥渃onducted reconnaissance activity鈥 against British parliamentarians who were critical of Beijing in 2021. They said no parliamentary accounts were successfully compromised.
Three lawmakers, including former Conservative Party leader Iain Duncan Smith, told reporters Monday they have been 鈥渟ubjected to harassment, impersonation and attempted hacking from China for some time.鈥 Smith said in one example, hackers impersonating him used fake email addresses to write to his contacts.
APT31 has previously been accused of and the information systems of , among others.
Britain鈥檚 Deputy Prime Minister Oliver Dowden said his government will summon China鈥檚 ambassador to account for its actions.
China鈥檚 Ministry of Foreign Affairs said before the announcement that countries should base their claims on evidence rather than 鈥渟mear鈥 others without factual basis.
鈥淐ybersecurity issues should not be politicized,鈥 ministry spokesperson Lin Jian said. 鈥淲e hope all parties will stop spreading false information, take a responsible attitude, and work together to maintain peace and security in cyberspace.鈥
The Chinese embassy also accused the U.S. of 鈥渏umping to an unwarranted conclusion and making groundless accusation against China鈥 without valid evidence.
鈥淚t is extremely irresponsible and is a complete distortion of facts,鈥 the embassy said in a statement. 鈥淐hina firmly opposes this.鈥
British Prime Minister Rishi Sunak reiterated that China is 鈥渂ehaving in an increasingly assertive way abroad鈥 and is 鈥渢he greatest state-based threat to our economic security.鈥
鈥淚t鈥檚 right that we take measures to protect ourselves, which is what we are doing,鈥 he said, without providing details.
U.S. officials over the years have brought a broad array of criminal cases against hackers affiliated with the Chinese government. They have also expressed concern about Chinese government influence operations and the potential that Beijing could meddle in presidential politics.
A found that China ultimately did not interfere on either side during the 2020 election and that the country had 鈥渃onsidered but did not deploy鈥 influence operations intended to affect the outcome. U.S. officials say they believe Beijing prioritized a stable relationship with the U.S. and did not consider either election outcome as advantageous enough for it to risk the 鈥渂lowback鈥 that would ensue if it got caught with interfering.
The Justice Department said the indictment unsealed Monday does not alter that conclusion, noting that there's no allegation that the hacking was designed to further a Chinese government influence operation against the U.S.
Even so, Assistant Attorney General Matthew Olsen, the Justice Department's top national security official, said in a statement that, 鈥淭oday鈥檚 announcements underscore the need to remain vigilant to cybersecurity threats and the potential for cyber-enabled foreign malign influence efforts, especially as we approach the 2024 election cycle."
_____
Hui reported from London. Associated Press writers Frank Bajak in Boston, Didi Tang in Washington and Dave Collins in Hartford, Connecticut, contributed to this report.
