US and UK crack down on ‘malicious cyber activity’ by China. Allies praise action, China denies it

The United States and United Kingdom imposed sanctions on a Chinese company and two associated individuals, saying they were acting against ‘malicious cyber activity’ by state-sponsored hackers in China whose alleged targets included lawmakers, officials, journalists, voters and critics of Beijing.

The trans-Atlantic allies said their sanctions were against the so-called Advanced Persistent Threat Group 31 (‘APT 31’), described by the US as ‘a cyber threat group connected to the government of the People’s Republic of China (PRC) that has targeted U.S officials, politicians and campaign officials, various U.S. economic and defense entities and officials, as well as foreign democracy activists, academics, and government officials.’

US and UK authorities identified the newly designated firm as Wuhan Xiaoruizhi Science and Technology Company Ltd., and the two individuals allegedly affiliated with it as Zhao Guangzong and Ni Gaobin.

In addition, the US Department of Justice unsealed an indictment charging the two individuals and five others with conspiring to commit computer and wire fraud against the United States.

‘The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,’ said Attorney General Merrick Garland.

The US State Department announced a reward of up to $10 million for information on the group and the defendants.

The UK said in its announcement that ‘the UK Electoral Commission systems were highly likely compromised by a Chinese state-affiliated entity between 2021 and 2022,’ and that ‘it is almost certain’ that APT31 ‘conducted reconnaissance activity against UK parliamentarians during a separate campaign in 2021.’

The European Union, Australia and New Zealand spoke out in support of the UK in its action.

China slammed the United States and United Kingdom for their actions, saying it has reached out to both countries about the accusations but has not heard back.

This week, the US and UK imposed sanctions on a Chinese company and two associated individuals, announcing that they were targeting APT 31, described by the US as a cyber threat group connected to the Chinese government that has targeted US officials, economic and defence entities, as well as foreign democracy activists and journalists.

Beijing, Foreign Ministry Spokesperson Lin Jian said his government has reached out to Washington and London about the accusations, but has yet to receive any response.

‘The Chinese side has made technical clarifications and responses to the so-called “APT31”-related information submitted by the British side, and made it clear that the evidence provided by the British side was inadequate and relevant conclusions lack professionalism. But unfortunately, there has been no further response from the British side,’ Lin said at a news conference, 26 March.

Lin said that the UK and the US are ‘hyping up the so-called “Chinese cyberattacks” and even launching groundless unilateral sanctions against China.’ He said Beijing has made ‘strong démarches to the US and relevant parties’ and will take necessary measures to safeguard our lawful rights and interests.’