U.S. and UK Impose Sanctions on APT 31 Chinese Hackers for Cyber Attacks

In a significant move to counter cyber threats, the United States and the United Kingdom have imposed sanctions on a group of China-linked hackers accused of targeting critical infrastructure in the U.S.

The coordinated action includes indictments, sanctions, and a rewards program aimed at curtailing the activities of these cyber operatives.

The U.S. Department of Justice has unsealed indictments against Zhao Guangzong, Ni Gaobin, and five other individuals for their involvement in a series of cyber attacks.

These individuals are believed to be connected to the Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), which is allegedly a front for the Chinese Ministry of State Security (MSS).

The Office of Foreign Assets Control (OFAC) of the Department of the Treasury has sanctioned Wuhan XRZ and the two Chinese nationals, Zhao Guangzong and Ni Gaobin, for their roles in the cyber operations.

These operations have targeted entities within the U.S. critical infrastructure sectors, posing a direct threat to national security.

APT 31: A Chinese Malicious Cyber Group

The hackers are affiliated with the state-sponsored Advanced Persistent Threat group 31 (APT 31), which is known for its sophisticated cyber espionage campaigns.

OFAC’s sanctions are pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, which targets individuals and entities responsible for or complicit in cyber-enabled activities that threaten the U.S.

This action represents a collaborative effort involving the U.S. Department of Justice, the Federal Bureau of Investigation (FBI), the Department of State, and the UK Foreign, Commonwealth & Development Office (FCDO).

The UK has implemented matching sanctions, demonstrating a unified stance against the cyber threats posed by these actors.

In addition to the sanctions, the U.S. Department of State has announced a Rewards for Justice offer. This program seeks information on the indicted individuals, their organizations, or associated entities. The aim is to gather intelligence to help prevent future cyber attacks and bring the perpetrators to justice.

Impact of the Sanctions

The sanctions will limit the ability of the targeted individuals and entities to access the U.S. financial system.

They also serve as a deterrent by signaling to other potential cyber actors that similar actions will have serious consequences.

By taking these measures, the U.S. and UK are sending a clear message that they will not tolerate cyber activities threatening their national security and economic stability.

The joint action by the U.S. and UK underscores the seriousness with which both nations view the threat of state-sponsored cyber attacks. By imposing sanctions and seeking international cooperation, they aim to protect their critical infrastructure and maintain the integrity of their national security.

The move also highlights the importance of a coordinated global response to the growing challenge of cyber threats.

Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
