APT 31, a notorious hacking gang allegedly linked to the Chinese government, has been identified by British cyber defence officials as the group which carried out cyber attacks on email accounts of parliamentarians.
The National Cyber Security Centre (NCSC), GCHQ’s cyber security arm, said it found that APT 31 was behind the unsuccessful 2021 attacks.
In the same time period, seven Chinese nationals related to the group were charged by the FBI in the US with allegedly carrying out wire fraud.
US prosecutors said that APT 31 belonged to a group managed by the Chinese Ministry of State Security, the intelligence agency of the country based in the city of Wuhan.
In the indictment, the US named Chinese citizens Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, Xiong Wang and Zhao Guangzong, who are between the ages of 34 and 38 and live in China.
APT 31 is accused of interfering in the 2020 US elections and was also reported to have been involved in a widespread attack on Microsoft systems which took place in 2021 and gave access to thousands of email servers.
Today, the UK Government has called out China state-affiliated actors for malicious cyber activity targeting democratic institutions and parliamentarians https://t.co/ChvNrfpTyv
— NCSC UK (@NCSC) March 25, 2024
APT is the short form of “advanced persistent threat” and is a naming convention which has been used by Western cyber intelligence agencies for identifying hacking groups related to foreign adversaries.
More than two dozen active Chinese APT groups: report
According to The Telegraph newspaper, government officials have identified more than two dozen Chinese APT groups.
APT 31 is also known as Violet Typhoon, Judgement Panda, Bronze Vinewood and Zirconium.
It was first publicly identified in 2016, but has most probably been operational since 2010.
The most serious attack happened in 2021 when APT 31 as well as another state-backed group used a flaw in Microsoft Exchange’s email server system to steal personal data.
In the hacking attempt, nearly 250,000 email servers were affected, which included an estimated 7,000 in the United Kingdom.
The Norwegian parliament and the European Banking Authority were also victims of the cyber attack, which the National Cyber Security Centre (NCSC) claimed “enabled large-scale espionage”.
APT 31 has also made wide use of email phishing techniques, in which victims are encouraged to click on malicious links which steal details.
On Monday (Mar 25), the FBI said that more than 10,000 emails were sent by APT 31 to prominent critics of China, in a major phishing attack.
(With inputs from agencies)