US, UK Issue Indictments, Sanctions Chinese Hacker; China Denies Accusations

By Tsering Choephel

DHARAMSALA 27 March: The US and the UK have filed charges and imposed sanctions on Beijing’s covertly-run cyber espionage hacking group, nicknamed Advanced Persistent Threat 31 (APT31), on Monday. The espionage campaign allegedly targeted millions of people, including lawmakers, academics, journalists, and companies, including defence contractors, as reported by Reuters on 25 March.

Authorities on both sides of the Atlantic nicknamed the hacking group Advanced Persistent Threat 31 (APT31), alleged to be an arm of China’s Ministry of State Security (MSS), has reportedly compromised defence contractors, dissidents, and various companies abroad in a decade-long spying spree. Chinese hackers even targeted individuals such as the spouse of a senior US official and lawmakers.

“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” said US Attorney General Merrick B. Garland in the official press release announcing an indictment of seven Chinese nationals engaged in cyber espionage.

The statement further noted that the “APT31 Group was part of a cyber espionage program run by the MSS’s Hubei State Security Department, located in the city of Wuhan.”

On Monday, the UK announced sanctions on two Chinese nationals and a company for their espionage campaign. UK officials accused APT31 of hacking British lawmakers critical of China.

Chinese spying operators were said to be behind the cyber attack on the UK Electoral Commission between August 2021 and October 2022, resulting in the data of millions of UK citizens being compromised.

China’s Foreign Ministry spokesperson Lin Jian rejected the US and UK’s allegations, calling their accusations “political manipulation” and counter-accused them of engaging in cyber attacks during a regular press briefing in Beijing on Tuesday.

The New Zealand government, on Tuesday, said it had raised its cybersecurity concerns from China-backed hackers for its alleged involvement in an attack on the country’s parliamentary entities in 2021.

According to an ESET research report published on March 7, China’s covertly-run hacking group named Evasive Panda (also known as BRONZE HIGHLAND and Daggerfly) has been discovered to have launched a cyber espionage campaign targeting Tibetans living in India, Australia, Taiwan, and the US since at least September 2023.

This hacking group is found to have hacked the website of the Kagyu International Monlam Trust, coinciding with the Kagyu Monlam Festival held annually in January in Bodhgaya, India, as reported.

The report also mentioned the website of a software development company based in India that works to produce Tibetan language translation software, as well as the Tibetan news portal Tibetpost website, as victims of the same hackers.

In 2013, the Chinese-language website of the Tibetan government-in-exile, Tibet.net, suffered a similar fate, being attacked by hackers with an unidentified virus that rendered the portal inaccessible. Phuntsok, an official spokesperson for the Central Tibetan Administration (CTA) in 2013, revealed that the English(tibet.net), Tibetan(bod.asia), and Chinese(xizang-zhiye.org) websites have been targeted and taken down multiple times in the past.

The Tibetan Centre for Human Rights and Democracy had its website hacked in June of last year. The Tibetan Express’ web portals, both English and Tibetan, were rendered inaccessible for one month in August 2022 due to cyber attacks.