Romanian parliamentarians targeted by a global Chinese espionage group. How three MPs became the targets of APT31


Authorities in Washington, London and Wellington have alleged in the past two days that Chinese state-backed hackers targeted their populations or governments to obtain information about elections, politicians or the business environment.

Among the politicians targeted in this global cyber-espionage campaign are three from Romania, according to an indictment drawn up by the US Department of Justice. Following the indictment, published on Monday (25 March) evening, seven Chinese hackers have been charged and are wanted internationally by the FBI.

Deputies Cătălin Teniță (REPER), Alexandru Muraru (PNL) and former deputy Pavel Popescu (PNL) are the Romanian politicians who have come to the attention of Chinese hackers.

The three are said to have fallen victim to an espionage campaign by a hacker group called APT31 against the Inter-Parliamentary Alliance on China, an international group of parliamentarians concerned with how democratic countries should deal with China.

This group has come under the scrutiny of Beijing for its speeches critical of the Chinese Communist regime and accusations of human rights violations against it.

The 20th count of the US Justice Department’s indictment, reviewed by Free Europe, states that in addition to US political and government officials, Beijing-backed hackers have in recent years also targeted politicians critical of China.

“In or around 2021”, hackers from the group targeted by the US judiciary – named APT31 – targeted the Inter-Parliamentary Alliance on China (IPAC). The group had been founded in 2020, on the anniversary of the 1989 Tiananmen Square protests, which were brutally suppressed by the Chinese regime.

In or around January 2021, the hackers registered ten email accounts, from which they sent more than 1,000 emails to more than 400 accounts of people associated with IPAC.

It’s unclear how many recipients of those emails opened them, but those who did unwittingly delivered data about their devices’ IP addresses, the location from which they opened the email, and what browsers or operating systems they were using.

“Targets included every European Union member of IPAC and 43 UK MPs, most of whom were members of IPAC or had been mentioned in matters relating to the Government of the PRC (People’s Republic of China),” the US Department of Justice indictment says.

What the deputies say

According to Europa Liberă sources, some of the Romanian politicians in IPAC were contacted by the Romanian intelligence services, who wanted to check whether they had received emails from Chinese hackers.

Contacted by Europa Liberă, liberal MP Alexandru Muraru says he does not remember receiving or opening such an email, but that he is not surprised that IPAC members were targeted by hackers supported by the Beijing government.

“In our meetings, which take place several times a year, in various formats, we have been repeatedly warned about what the Chinese state officials are trying to do. Starting with the sending of messages, e-mails, under false recipients, which apparently resemble IPAC, which in fact represents an imminent, direct and constant targeting of us”, declared Alexandru Muraru.

“I cannot accept that a totalitarian state, which suppresses any individual freedom and human rights, comes to Romanian institutions and intimidates Romanian state officials. What would happen if the Russian Federation, through its embassy in Bucharest, allowed itself to do such a thing? There would be a huge scandal,” adds the liberal deputy.

Free Europe also got in touch with deputy Cătălin Teniță and former deputy Pavel Popescu, who promised to offer their views on the findings of the US Department of Justice.

We will publish them as soon as we receive them.

Millions of US accounts targeted

The actions of hackers supported by the Chinese regime have not only targeted IPAC officials, but also politicians, institutions, businessmen or companies in the United States of America. The period documented by the FBI is at least 14 years, from 2010 to the present.

On Monday, the US Department of Justice and the FBI (Federal Bureau of Investigation) revealed that “millions of online accounts” of some Americans have been compromised following sophisticated cyber attacks carried out on a large scale by Chinese hackers.

Seven Chinese men are wanted by the FBI in the case, and the bureau has also announced a $10 million (46 million lei) reward for information leading to their capture.

Cheng Feng, Sun Xiaohui, Weng Ming, Xiong Wang, Zhao Guangzong, Cheng and Ni Gaobin are wanted by the FBI.

The seven men allegedly sent more than 10,000 “malicious emails that affected thousands of people on multiple continents.”

Emails sent by the APT31 group appeared to come from well-known media outlets or journalists and appeared to contain legitimate articles and news.

“The malicious emails contained hidden tracking links so that if the recipient simply opened the information about […] were transmitted to a server controlled by the defendants,” the Department of Justice says.
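The tracking mechanism described above (a remote resource that is fetched as soon as the message is rendered, carrying an identifier tied to the recipient) is easy to check for on the receiving side. The following is an added example, not code from the article or the indictment: a small Python scanner that parses an HTML message body and flags remote images that are 1x1 or hidden by CSS, and links whose URL contains an opaque per-recipient token. The sample message, hostnames and tokens are constructed for illustration; the practical mitigation it illustrates is a mail client that does not load remote content by default.

```python
"""Flag hidden tracking pixels and beacon links in an HTML e-mail body.

Added example for illustration; the sample message, hostnames and tokens
below are constructed and do not come from the case described in the article.
"""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Constructed sample: one legitimate logo and article link, one hidden
# 1x1 beacon image, and one link carrying an opaque recipient identifier.
SAMPLE_HTML = """
<html><body>
<p>Dear member, please see our latest analysis.</p>
<img src="https://news.example.org/logo.png" width="200" height="60" alt="logo">
<p><a href="https://news.example.org/article?id=17">Read the article</a></p>
<img src="https://track.example-cdn.net/open/a9f3c2e1b7d4f6a8?u=4711"
     width="1" height="1" style="display:none">
<p><a href="https://track.example-cdn.net/r/ZGVwdXR5QGV4YW1wbGUucm8?rid=9b1c3d">
Download the full report</a></p>
</body></html>
"""

# Long runs of URL-safe characters with no dot: typical of opaque IDs,
# unlike file names such as "logo.png".
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{16,}")


def _dim(value):
    """Parse a width/height attribute; None when absent or non-numeric."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def _has_token(url):
    """True when a path segment or query value looks like an opaque identifier."""
    parsed = urlparse(url)
    candidates = [seg for seg in parsed.path.split("/") if seg]
    for values in parse_qs(parsed.query).values():
        candidates.extend(values)
    return any(TOKEN_RE.fullmatch(c) for c in candidates)


class BeaconFinder(HTMLParser):
    """Collects suspicious <img> and <a> elements while parsing."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "img":
            self._check_image(a)
        elif tag == "a":
            self._check_link(a)

    def _check_image(self, a):
        src = a.get("src", "")
        if not src.startswith(("http://", "https://")):
            return  # inline (cid:) or data: images cannot phone home on open
        reasons = []
        w, h = _dim(a.get("width")), _dim(a.get("height"))
        if w is not None and h is not None and w <= 1 and h <= 1:
            reasons.append("1x1 pixel image")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if _has_token(src):
            reasons.append("opaque identifier in URL")
        if reasons:
            self.findings.append({"kind": "image", "url": src, "reasons": reasons})

    def _check_link(self, a):
        href = a.get("href", "")
        if href.startswith(("http://", "https://")) and _has_token(href):
            self.findings.append(
                {"kind": "link", "url": href, "reasons": ["opaque identifier in URL"]}
            )


def find_beacons(html_body):
    """Return a list of findings ({kind, url, reasons}) for an HTML message body."""
    finder = BeaconFinder()
    finder.feed(html_body)
    return finder.findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_HTML):
        print(f["kind"], f["url"], "->", ", ".join(f["reasons"]))
```

Run on the constructed sample, the scanner reports the hidden pixel (1x1, display:none, opaque identifier) and the tokenised download link, and stays silent on the logo and the plain article link. The heuristics are deliberately simple; a mail gateway would combine them with sender reputation and a policy of stripping or proxying remote content so that opening a message never reveals the reader’s IP address or client.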

The US Department of Justice called the case a “prolific global hacking operation” supported by the Chinese government.

“Today’s (Monday) announcement reveals China’s continued and unsavory efforts to undermine our nation’s cybersecurity and target Americans,” FBI Director Christopher Wray said.

“As long as China continues to target the US and our partners, the FBI will continue to send a clear message that cyber espionage will not be tolerated, and we will relentlessly pursue those who threaten our nation’s security and prosperity,” he added.

What is APT31

The acronym APT stands for Advanced Persistent Threat. Antivirus company Kaspersky defines an APT as an attack that uses continuous, stealthy and sophisticated hacking techniques to gain access to a system and remain inside it for an extended period of time, with potentially destructive consequences.

Also known as BRONZE VINEWOOD, JUDGMENT PANDA, Red Keres, TA412, Violet Typhoon and ZIRCONIUM, APT31 is a group specializing in intellectual property theft.

According to the Department of Justice’s indictment against the seven Chinese hackers, the APT31 group was part of a cyber-espionage program run by the Hubei State Security Department of the Chinese Ministry of State Security, located in the city of Wuhan, China.

Over the past 14 years, the APT31 group has conducted global hacking campaigns targeting political dissidents, government and political officials, candidates and campaign staff in the United States, as well as US companies. Some of this activity has resulted in the successful compromise of targets’ networks, email accounts, cloud storage accounts or phone call records.

The allegations in the UK

The series of allegations of mass cyber attacks and espionage against China began in London on Monday.

There, Deputy Prime Minister Oliver Dowden informed MPs that Beijing was responsible for “malicious cyber campaigns” against British institutions and MPs.

Dowden revealed that two individuals and a company close to the Chinese state were behind complex cyber attacks on the UK Electoral Commission. They took place between 2021 and 2022, but the British authorities reportedly learned about them only last year.

As a result of the cyber attacks, the hackers reportedly obtained personal information about approximately 40 million British voters, but the elections were not influenced, Deputy Prime Minister Dowden stressed during a speech in Parliament.

Photo caption: British Deputy Prime Minister Dowden delivers a statement on cyber security and democracy at the House of Commons in London, March 25, 2024.

Several British MPs have also been targeted by cyber attacks allegedly orchestrated by China, in a separate campaign from the one against the Electoral Commission.

Speaking in Parliament, Deputy Prime Minister Oliver Dowden revealed that as far as British MPs were concerned, China had been orchestrating “reconnaissance activities” against them as early as 2021.

Beijing – whose ambassador to London has been summoned by the British government – denied the allegations, which it called “completely fabricated and malicious smears”.

The British government has imposed economic sanctions on individuals and companies involved in the hacker group it believes was behind the attack, APT31.

Accusations from New Zealand too

On Tuesday, March 26, similar accusations against China also came from the southern hemisphere, where the government in Wellington revealed a cyber attack on the New Zealand Parliament that took place in 2021.

The attack, as in London and Washington, was reportedly sponsored by the Chinese government.

“Foreign interference of this kind is unacceptable and we have advised China to refrain from such activity in the future,” New Zealand Foreign Minister Winston Peters said in a statement, the BBC writes.

A senior New Zealand intelligence official told a parliamentary committee on Tuesday that seven New Zealand citizens have provided training to the Chinese military in the past 18 months, which he said is a “major risk to national security”.

A spokesman for the Chinese Embassy in New Zealand said in an email that it “categorically rejects such baseless and irresponsible allegations” and expressed its dissatisfaction and firm opposition to the New Zealand authorities.

The Government in Wellington revealed that its cyber security office had found indications that a Chinese state-sponsored group called Advanced Persistent Threat 40 (APT40) was responsible for the attacks.

APT40 gained access to information about the workings of the New Zealand government, but nothing of a sensitive or strategic nature.

The Chinese Embassy in New Zealand has denied the allegations. “We have never interfered and will not interfere in the future in the internal affairs of other countries, including New Zealand,” the embassy spokesman said.

What is APT40

APT40, also known as BRONZE MOHAWK, FEVERDREAM, G0065, Gadolinium, GreenCrash, Hellsing, Kryptonite Panda, Leviathan, MUDCARP, Periscope, Temp.Periscope or Temp.Jumper, is a group with roots in Haikou, Hainan Province, China, and has been active since 2009, according to the FBI.

Over the years, APT40 has targeted government organizations, companies and universities in a wide range of industries, including biomedical, robotics and marine research, in the United States, Canada, Europe, the Middle East and the South China Sea region, as well as industries included in China’s Belt and Road Initiative.

In 2021, the US State Department indicted four APT40 cyber actors who exploited various computer networks through the front company Hainan Xiandun Technology Development Company (Hainan Xiandun).

The FBI notes in a report on APT40 that one employee cooperated with China’s Ministry of State Security (MSS) intelligence officers.

That employee’s illegal activities “resulted in the theft of trade secrets, intellectual property, and other valuable information from companies and organizations in the United States and abroad, as well as from several foreign governments.”


The article is in Romanian
