“‘APT’ under China’s Ministry of Security, hacking of U.S., British, and New Zealand officials and politicians.”

US and UK: “Information stolen through malicious emails for years”
China denies “it’s like telling a thief to catch a thief”

Three countries, including the United States, the United Kingdom, and New Zealand, disclosed that hacker organizations supported by the Chinese government had been carrying out ‘cyber espionage’ activities targeting high-ranking officials and politicians in the three countries for over 10 years. It is said that China attempted to intervene in politics, including elections, in major countries around the world through hacking activities. The Chinese side denied the connection, saying, “This is a typical case of a thief shouting ‘Catch the thief!’”

The U.S. and British governments announced on the 25th that they had sanctioned those involved, saying, “The Chinese government-affiliated hacker organization ‘APT31’ has been carrying out cyber attacks targeting its officials and others.” On the 26th, the New Zealand government also urged China to exercise restraint, saying it had confirmed that the hacking targeting its parliament was the work of ‘APT40’, sponsored by the Chinese government.

APT (Advanced Persistent Threat) refers to the act of hacking a specific country or organization over a long period of time. APT organizations suspected of being sponsored by a nation are assigned a number for identification. The three countries said that APT31 and APT40 are linked to China’s Ministry of State Security.

According to the U.S. Department of Justice, the seven Chinese hackers indicted this time belonged to APT31, and for about 14 years, they stole information and disrupted work in several countries. APT31 stole the email accounts and call records of thousands of people in the media and industry as well as politicians. They mainly use hacking programs to steal personal information by continuously sending malicious emails that look like ordinary news and clicking on them.

The UK revealed that APT31 led the 2021 hacking attempt on the email accounts of its lawmakers who took a hard-line stance against China. China is also believed to be behind the National Election Commission hacking incident. Previously, the British National Election Commission announced in August last year that hackers hacked the National Election Commission system between August 2021 and October 2022 and accessed the voter list. At the time, the names and addresses of 40 million registered British and overseas voters between 2014 and 2022 were exposed.

It has been reported that China’s Ministry of State Security has previously continued to support notorious hacker organizations such as ‘Mustang Panda’. According to Trelix, a cyber security company, about 79% of hacking attacks on foreign governments in the first quarter of last year (January to March) were the work of Chinese-linked hacking organizations.

China protested, saying it was a baseless slander. Foreign Ministry spokesman Lin Jian said, “We have raised serious concerns with the United States and relevant parties and will take necessary measures to protect China’s legitimate rights and interests.” The Chinese Embassy in the United States also counterattacked Radio Free Asia (RFA) by saying, “The United States is the country that engages in cyber espionage activities the most in the world.”

Reporter Yunjin Kim kyj@donga.com