Seven hackers connected to the People's Republic of China (PRC) government have been charged with computer infiltration after they targeted foreign and American companies and political figures.
Indictments against seven Chinese nationals were made public by the U.S. Department of Justice (DoJ) on Monday. The individuals were part of a hacking gang that, for approximately 14 years, targeted political officials, corporations, journalists, and critics both domestically and internationally.
Charges for conspiracy to commit wire fraud and conspiracy to commit computer intrusions have been brought against the alleged cyber spies in relation to APT31, a state-sponsored threat group also known by the names Altaire, Bronze Vinewood, Judgement Panda, and Violet Typhoon (previously Zirconium). The hacker collective has been in operation for 14 years.
Federal prosecutors stated that the defendants' duties include overseeing the attack infrastructure, testing and using the malware that was used to carry out the intrusions, and monitoring particular U.S. entities. They added that the campaigns are intended to further China's foreign intelligence and economic espionage goals.
The defendants and other members of APT31 carried out a massive hacking operation in which they sent over 10,000 emails containing hidden tracking links to targets of interest. When a recipient opened one of the emails, their IP address, the devices used to access their email account, and their location were all compromised.
It has also been discovered that APT31 is behind additional spear-phishing efforts that target American government employees at the Departments of Justice, Commerce, Treasury, and State as well as Senators, Representatives, and election campaign workers from both political parties.
The attacks were enabled by custom malware, such as DropDoor/DropCat, EvilOSX, RAWDOOR, Trochilus, and others, which made secure connections with servers under the control of the adversary in order to receive and carry out commands on the target computers. A cracked version of Cobalt Strike Beacon was also used to carry out post-exploitation operations.
Tensions in the Indo-Pacific area are still high between China and other Indo-Pacific nations including Taiwan, Japan, and the Philippines because China is increasing its naval and air force presence near Taiwan. As tensions in the area continue to rise, there have been allegations of Chinese Defense Minister Kuo-Cheng being present at a U.S. Special Operations unit training forces on an island in Taiwan.
Source: Hacker News