The Justice Department this week charged seven Chinese citizens with widespread cyber espionage against U.S. businesses and politicians.
UK law enforcement helped this week in identifying the cybercriminals as affiliates of the APT31 threat group; all seven are believed to be based in the People’s Republic of China, according to the indictment. Likewise, on March 25, the Treasury Department revealed sanctions against the shell company that operates APT31 and is funded by the PRC’s Ministry of State Security (MSS) in Wuhan, China.
According to a statement from US Deputy Attorney General Lisa Monaco, the APT31 worldwide hacking campaign included more than 10,000 malicious emails and thousands of victims over more than 14 years.
“The practices of the APT31 group further demonstrate the size and scope of the state-sponsored PRC hacking apparatus,” Special Agent in Charge Robert W. “Wes” Wheeler Jr. of the FBI Chicago Field Office also said in a statement.
Cybersecurity experts applauded the DoJ for taking action against the Chinese.
“It is time for the administration to take more aggressive action to suppress the PRC’s blatant colonization of American infrastructure,” says Tom Kellerman, senior vice president of cyber strategy at Contract Security. “We need to stop playing defense. These sanctions are long overdue; however, I would like to see the confiscation of their Western assets.”
Chinese state actors are growing stealthier
China’s state-sponsored hackers are becoming increasingly cunning and strategic in their espionage efforts, according to John Hultquist, chief analyst at Mandiant Intelligence/Google Cloud.
“We are no longer in the era of brazen and loud intrusions against large swaths of the economy,” Hultquist said in a statement. “The activity we see now is much more targeted and better than it once was. Chinese cyber espionage is stealthier and more advanced than before. They have invested in better tactics, and those investments are paying off.”
While sanctions and charges may send a message to the Chinese government, those responsible remain beyond the reach of U.S. law enforcement and businesses are unlikely to observe any material change in the Chinese threat. Instead, Callie Guenther, senior manager of cyber threat research at Critical Start, says an increase in state-sponsored threats from China and other countries means countries need to up their cooperation game to mitigate any Chinese advantage.
“The indictment of the seven individuals linked to APT31 highlights the need for international collaboration to combat state-sponsored cyber threats,” says Guenther. “It highlights the importance of strong cyber defenses and intelligence sharing.”