UK and US sanction Chinese state-sponsored hackers said to have breached Britain's Electoral Commission and parliament e-mails

The governments of United Kingdom and the United States have imposed fresh sanctions against a group of hackers referred to as Advanced Persistent Threat 31, which they believe are sponsored by China's state security agency.

They are joined by New Zealand, which says another Chinese hacking group has attacked parliamentary entities in this country.

Judith Collins, the Minister responsible for the Government Communications Security Bureau (GCSB), issued a statement saying New Zealand stands with the UK in its condemnation of China's state-backed malicious cyber activity affecting the Electoral Commission and targeting MPs.

“The use of cyber-enabled espionage operations to interfere with democratic institutions and processes anywhere is unacceptable,” Collins said.

According to Collins, the GCSB has established links between a state-sponsored actor linked to the Chinese government, and malicious cyber activity targeting parliamentary entities in New Zealand.

That group is said to be the APT40 or "Kryptonite Panda" from Haikou on Hainan Island, which has been active since around 2009.

Unlike the UK and US, New Zealand isn't currently considering sanctions against APT40.

Zirconium, Violet Typhoon, Judgment Panda and Altaire

APT31 is also known as Zirconium, Violet Typhoon, Judgment Panda and Altaire, following the eclectic naming conventions of security researchers.

According to the National Cyber Security Centre (NCSC) in the UK, APT31 targeted the Electoral Commission which was likely compromised between 2021 and 2022, breaching details of some 40 million people on the voting register.

NCSC also assessed that "it is almost certain" that APT31 conducted reconnaissance against UK parliamentarians during a separate campaign in 2021.

Foreign Secretary David Cameron called the activity "completely unacceptable" and has raised the hacking and spying with China's foreign minister, Wang Yi.

Meanwhile, the US said it has laid criminal charges against the APT31 hackers along with imposing sanctions, for targeting critical infrastructure in America, along with officials, politicians, economic and defence entities as well as foreign democracy activists, academics and government officials. 

The recently sanctioned individuals include:

• Zhao Guangzong 赵光宗 who is said to be a member of APT31, operating on behalf of China's Ministry of State Security (MSS). 
• Ni Gaobing 倪高 彬, also said to be a member of APT31, and working for MSS.

Along with Zhao and Ni, the Wuhan Xiaoruizi Science and Technology Company Ltd in Hubei province is accused of being associated with APT31 and part of China's "state-sponsored apparatus" through MSS.

The US is also offering rewards of up to US$10 million for information that leads to the identification or location of any person that engages in malicious cyber activities, while acting under the control or direction of foreign governments.

Other APT31 associates include:

• Cheng Feng 程锋;
• Peng Yaowen 彭耀文;
• Sun Xiaohui 孙小辉;
• Weng Ming 翁明;
• Xiong Wang 熊旺.

They are said to have worked with Ni and Zhao to develop malware and to device "malicious cyber processes" along with assisting in cyber intrusions against a long list of victims associated with US government and critical infrastructure.

Update: China's ambassador to New Zealand has published a response to Tuesday's APT31 hacking allegations.

We reject outright the groundless and irresponsible accusations against China on cyber attacks or intrusions, and have lodged serious démarches to New Zealand’s relevant authorities, expressing strong dissatisfaction and resolute opposition.

Cybersecurity is a global challenge.…

— Wang Xiaolong (@AmbChina2NZ) March 26, 2024