The U.S. and U.K. have accused the state-sponsored Chinese hacking group APT 31 (Zirconium  or Violet Typhoon) of being behind a years-long cyber-attack campaign, targeting political figures, journalists and businesses.

In Short

  • Chinese state-sponsored hackers have launched extensive cyber-attack campaigns targeting the US and the UK.
  • US and UK impose sanctions on China’s cyber-espionage operations, drawing global attention
  • China may disrupt elections in India using AI, warns Microsoft

The world has previously witnessed various cyber attacks backed by China in Australia.

However, this time, has Australia been targeted by China? The answer is NO.

In recent times, China is focusing on the United States of America and the United Kingdom. You can see various tweet on the platform X (formerly Twitter)

tweet 1
tweet - 2

In response to these cyber attacks, the US and UK have announced strict sanctions. These sanctions target  a Chinese company and two individuals involved in significant cyber espionage campaigns, particularly targeting millions of people, including legislators, voters and prominent Beijing critics.

tweet -3

Importantly, the United States and the United Kingdom have attributed these cyber attack campaigns to an arm of China’s Ministry of State Security, drawing international attention due to their scope and impact.

Who Is Behind All These Cyber-Attacks?

The United States and the United Kingdom have linked recent cyber attacks to a group called Advanced Persistent Threat 31 (APT 31). This group is suspected to be associated with China’s Ministry of State Security.

What Exactly is Advanced Persistent Threat?

The APT Groups, an acronym for Advanced Persistent Threat, are affiliated with the Chinese government. 

APT groups engage in cyberwarfare by conducting different actions in cyberspace against other countries. This involves organized activities by entities in China to disrupt or infiltrate foreign systems and networks.

The countries targeted by APT attacks include;

  • Australia
  • Canada
  • India
  • Japan
  • The Netherlands
  • New Zealand
  • United States 
  • Taiwan
  • Ukraine
  • United Kingdom 
  • The Vatican

List of APT Groups

Since Xi Jinping became General Secretary of the Chinese Communist Party in 2012, the Ministry of State Security has expanded its role in cyber espionage. This shift moved the focus away from the People’s Liberation Army.

Now, this ministry directs multiple Advanced Persistent Threat (APT) groups, showcasing China’s coordinated cyber warfare strategy across universities, individuals, and both private and public sectors.

  1. PLA Unit 61398 (also known as APT1)
  2. PLA Unit 61486 (also known as APT2)
  3. Buckeye (also known as APT3)
  4. Red Apollo (also known as APT10)
  5. Numbered Panda (also known as APT12)
  6. DeputyDog (also known as APT17)
  7. Codoso Team (also known as APT19)
  8. Wocao (also known as APT20)
  9. APT 27
  10. PLA Unit 78020 (also known as APT30 and Naikon)
  11. Zirconium (also known as APT31 and Violet Typhoon; affiliated with the MSS’ Hubei State Security Bureau)
  12. Periscope Group (also known as APT40)
  13. Double Dragon (also known as APT41, Winnti Group, Barium, or Axiom)
  14. Spamouflage (also known as Dragonbridge or Storm 1376; affiliated with the Ministry of Public Security)
  15. Hafnium
  16. LightBasin (Also known as UNC1945)
  17. Tropic Trooper
  18. Volt Typhoon
  19. Charcoal Typhoon (also known as CHROMIUM)
  20. Salmon Typhoon (also known as SODIUM)

Now, back to the topic:

In cybersecurity, experts use names like APT 31 to tag hacking groups linked to foreign governments. Mandiant, a cybersecurity firm owned by Google, says there are over 40 of these groups, with more than 20 likely run by China. 

APT 31, also known as Zirconium, Violet Typhoon, Judgment Panda, and Altaire, is believed to be operated by China’s Ministry of State Security from Wuhan, according to the US Justice Department.

This group has been accused of some big attacks before. In 2020, Google and Microsoft warned that APT 31 had targeted the personal emails of campaign staff working for Joe Biden.

The UK government also identified APT 31 behind a 2021 hack of Microsoft Exchange email server software, affecting tens of thousands of computers globally. Additionally, New Zealand announced that another Chinese state-backed group, APT 40, was responsible for an attack on computers linked to its parliamentary network.

Mandiant describes APT 40 as a Chinese cyber espionage group that typically targets countries important to China’s Belt and Road Initiative.

Who Were the Targets?

According to the US and UK, the cyber campaigns targeted individuals, companies, and government officials. The UK cited two cyber campaigns focused on democratic institutions and lawmakers.

The first campaign reportedly involved accessing personal details of approximately 40 million voters stored by the Electoral Commission. Initially, the UK pointed fingers at Russia, but later claimed it was China.  This breach occurred between late 2021 and October 2022 but did not affect the electoral process or registrations.

The second campaign seemed more focused, with UK intelligence suspecting that APT 31 conducted reconnaissance against UK parliamentarians critical of China. Fortunately, no accounts were compromised.

The US Justice Department highlighted a 14-year campaign targeting political dissidents, China critics, US officials, candidates, and American companies. Thousands were affected, compromising email, cloud storage, and phone records.

In 2021, APT 31 targeted officials in the Inter-Parliamentary Alliance on China, including EU and UK politicians. APT 31 also intensified efforts against activists and journalists linked to Hong Kong’s 2019 protests.

New Zealand confirmed a cyber-attack on its parliamentary office, with data taken but deemed not sensitive or strategic.

How Did the Attacks Happen?

The UK and US claim that APT 31 employed phishing techniques to carry out the cyber-attacks. In phishing, victims receive deceptive emails containing links designed to steal private information. To learn more about phishing attacks, you can check out the Wikipedia page on phishing – https://en.wikipedia.org/wiki/Phishing

US Deputy Attorney General Lisa Monaco revealed that over 10,000 emails were sent in this campaign. These emails appeared to come from news outlets, politicians, and China critics.

These phishing emails contained hidden tracking links. When victims opened them, information like location, device, and IP address was sent to the hackers’ server. APT 31 then used this data to conduct more targeted attacks, compromising home routers and other electronic devices.

What Was the Objective?

According to Monaco, the operation aimed to suppress critics of the Chinese regime, infiltrate government institutions, and steal trade secrets.

The US claims that APT 31 targeted dozens of companies crucial to national economic sectors, including defense, telecommunications, and manufacturing. This led to confirmed compromises of economic plans, intellectual property, and trade secrets.

The spouses of high-ranking White House officials, US senators, and campaign staff from both major political parties were also targeted. Despite APT 31’s actions during Biden’s election campaign in 2020, the US Justice Department report clarifies that the hacking did not support any Chinese government efforts to influence the election.

What Happens Next?

Tensions over cyber espionage between Beijing and Washington are heating up. Western intelligence agencies are getting more worried about China’s alleged state-backed hacking activities.

In the UK, the government has faced criticism for its slow response to cyber-attacks in 2021 and 2022. Luke de Pulford, from Ipac, voiced frustration, suggesting the government was reluctant to blame China for the attacks.

Conservative MP Iain Duncan Smith criticized the UK’s response as insufficient. He compared it to “an elephant giving birth to a mouse.” Smith stressed the need for a fresh approach to dealing with China.

China has denied being behind the attacks. A spokesperson from the Chinese embassy in Britain said, “China has always opposed cyber-attacks and follows the law. We don’t support or tolerate cyber attacks.

More to the Story……….

State-backed Chinese Cyber Warfare Groups Targeting India’s Elections: Microsoft Report

A recent analysis by Microsoft has highlighted concerns over Chinese state-backed cyber groups attempting to influence India’s upcoming Lok Sabha elections using artificial intelligence-generated content.

The report suggests that China, with support from North Korea, aims to manipulate polls in India, the United States, and South Korea.

According to the report, Chinese cyber actors targeted key offices of the Indian government, including the “PMO” (likely the Prime Minister’s Office) and the Home Ministry, as well as prominent businesses like Reliance and Air India. The hackers breached 95.2 gigabytes of immigration data from the Indian government, which was later leaked online.

Additionally, a cyber actor known as Flax Typhoon conducted attacks on the telecommunications sector in India during the fall and winter of 2023.

The Microsoft report highlights serious worries about cybersecurity and election fairness. It’s especially concerned about the rise of AI-driven disinformation campaigns. Chinese cyber groups using AI-generated content raise concerns about meddling in India’s democratic processes. This situation emphasizes the importance of being extra vigilant against cyber threats.

How Does India Counter Chinese Cyber Espionage?

India is working to strengthen its cyber defenses and is also taking offensive cyber actions to counter increasing Chinese cyber-espionage activities. However, there’s a recognized need for further action and strategy enhancement.

To strengthen its response, India must provide technical evidence linking these attacks to Chinese state-sponsored hackers, despite initial resistance from national security establishments. The technical community, both in India and globally, has presented compelling evidence that warrants attribution.

New Delhi should establish a dedicated mechanism to systematically monitor and analyze these offensive cyber operations. While existing intelligence and security agencies address foreign spying campaigns, the focus often remains on individual incidents rather than recognizing them as part of a broader Chinese cyber-espionage campaign targeting Indian networks.

A proactive approach led by the Defence Cyber Agency, in collaboration with civilian technical experts, is crucial to track and document these operations effectively. This collaboration will not only demonstrate India’s vigilance against Beijing’s cyber activities but also contribute to a more comprehensive cyber posture focused on detection, attribution, and response.

The Illegality and Societal Damage of Chinese Cyber Warfare – Tech Expert Report

It doesn’t matter which country is attacked—cyber espionage is an illegitimate activity. The ongoing cyber warfare led by China’s state-sponsored hacking groups clearly violates international laws and norms.

These groups are responsible for:

  1. Conducting espionage
  2. Stealing intellectual property
  3. Manipulating politics in countries like the US, UK, India, and New Zealand

These actions undermine trust between nations and pose serious threats to democratic institutions and global stability.

From a societal perspective – These cyber attacks have deep and damaging effects. Targeting political dissidents, journalists, and activists violates people’s basic rights and freedoms. It harms privacy and makes people feel afraid and suspicious.

The discovery that AI-generated content is being used to influence elections, as detailed in Microsoft’s report, marks a troubling escalation in cyber warfare tactics. 

These manipulative practices threaten the fairness of democratic processes and pose significant challenges to maintaining a secure and transparent digital environment.

As technical experts at TheWonk.in, we stress the urgent need to enhance cybersecurity measures, promote international collaboration among technical communities, and establish strong systems for attribution and deterrence. Governments and organizations need to focus on proactive strategies against cyber threats.

By addressing these challenges and ensuring accountability for cyber activities, we protect cyberspace and uphold critical principles like legality and security.

Be Cyber Safe!!!

By thewonk