26 March 2024

The US charges seven hackers linked to Chinese APT31 cyberespionage group


The US authorities unsealed an indictment charging seven nationals of the People’s Republic of China (PRC) for their involvement in a long-standing cyber espionage campaign targeting individuals and entities both within and outside the United States.

The defendants, identified as Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, Xiong Wang, and Zhao Guangzong, are accused of conspiracy to commit computer intrusions and wire fraud as part of a PRC-based hacking group.

The group, tracked as APT31, Zirconium and Judgment Panda, operated under the auspices of the PRC's Ministry of State Security (MSS) intelligence apparatus, specifically the Hubei State Security Department in Wuhan. Their activities spanned approximately 14 years and were allegedly aimed at furthering the PRC's economic espionage and foreign intelligence objectives.

Since at least 2010, the defendants and their associates have targeted a wide range of individuals and organizations, including political dissidents, government officials, political candidates, campaign personnel, and American companies. Their tactics involved sophisticated hacking techniques, including zero-day exploits, which allowed them to gain and maintain access to victim computer networks.

One of the key strategies employed by the APT31 Group was the use of malicious emails disguised as legitimate news articles from prominent news outlets or journalists. The emails contained hidden tracking links, enabling the group to gather information about recipients, including their locations, IP addresses, network configurations, and specific devices used to access email accounts. This information was then leveraged for more targeted and sophisticated hacking attempts, such as compromising home routers and other electronic devices.
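The tracking-link lure described above relies on the recipient's mail client fetching remote content or following a link that carries a per-recipient token. As an added, defender-side example (not part of the original article and not a description of the group's actual tooling), the Python script below parses a constructed sample HTML e-mail and flags the two indicators a mail gateway or analyst would look for: remote 1x1 images or images whose URL carries an identifier-style query parameter, and hyperlinks whose visible text shows one host while the href points at another. The parameter names in `TOKEN_PARAMS`, the hostnames and the message itself are all assumptions made up for the demonstration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample lure (not a real message): an HTML "news article" with a
# remote 1x1 image and a link whose visible text does not match its target.
SAMPLE_EML = b"""From: newsroom@news-example.test
To: target@example.test
Subject: Exclusive: New report on trade policy
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Read the full story at
<a href="http://track.example.test/r?id=7f3a9c&u=1042">https://news-example.test/story/1234</a></p>
<img src="http://track.example.test/px.gif?id=7f3a9c" width="1" height="1">
<img src="https://news-example.test/logo.png" width="120" height="40">
</body></html>
"""

# Query-parameter names commonly used to carry a per-recipient identifier
# (assumed list for the demo; tune it to what your own mail flow shows).
TOKEN_PARAMS = {"id", "uid", "u", "rid", "cid", "token", "t", "tid"}


class _LinkImageCollector(HTMLParser):
    """Collects <img src> and <a href>text</a> pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []      # dicts with src, width, height
        self.links = []       # dicts with href, visible text
        self._open_href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and a.get("src"):
            self.images.append({"src": a["src"], "width": a.get("width"), "height": a.get("height")})
        elif tag == "a" and a.get("href"):
            self._open_href = a["href"]
            self._text = []

    def handle_data(self, data):
        if self._open_href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._open_href is not None:
            self.links.append({"href": self._open_href, "text": "".join(self._text).strip()})
            self._open_href = None


def _is_remote(url):
    return urlparse(url).scheme in ("http", "https")


def _has_token_param(url):
    return any(k.lower() in TOKEN_PARAMS for k in parse_qs(urlparse(url).query))


def _tiny(dim):
    try:
        return int(dim) <= 1
    except (TypeError, ValueError):
        return False


def analyse_email(raw):
    """Return a list of findings (kind, url, reasons) for the HTML part of a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:          # plain-text only: nothing to fetch, nothing to flag
        return []
    parser = _LinkImageCollector()
    parser.feed(body.get_content())
    findings = []
    for img in parser.images:
        reasons = []
        if _is_remote(img["src"]) and _tiny(img["width"]) and _tiny(img["height"]):
            reasons.append("remote 1x1 image (tracking pixel)")
        if _is_remote(img["src"]) and _has_token_param(img["src"]):
            reasons.append("remote image carries per-recipient token")
        if reasons:
            findings.append({"kind": "image", "url": img["src"], "reasons": reasons})
    for link in parser.links:
        reasons = []
        href_host = urlparse(link["href"]).hostname
        if link["text"].startswith(("http://", "https://")):
            text_host = urlparse(link["text"]).hostname
            if text_host and href_host and text_host != href_host:
                reasons.append(f"visible host {text_host} differs from target host {href_host}")
        if _has_token_param(link["href"]):
            reasons.append("link carries per-recipient token")
        if reasons:
            findings.append({"kind": "link", "url": link["href"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyse_email(SAMPLE_EML):
        print(f["kind"], f["url"], "->", "; ".join(f["reasons"]))
```

The same two checks are what a "block remote content" mail-client setting and a URL-rewriting gateway defend against: if remote images are not fetched automatically and rewritten links are displayed with their real destination host, the recipient's IP address, client and location are not leaked simply by opening the message.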

The indictment alleges that the group's activities resulted in the compromise of thousands of individuals and companies, leading to the theft of sensitive data, intellectual property, and trade secrets. It is estimated that these actions contributed to the loss of billions of dollars annually as part of the PRC's state-sponsored efforts to acquire US technology.

Additionally, the US Treasury announced sanctions against Wuhan Xiaoruizhi Science and Technology Company (Wuhan XRZ), a Wuhan, China-based front company for the Ministry of State Security (MSS) that has served as cover for multiple malicious cyber operations, and against Zhao Guangzong and Ni Gaobin for conducting malicious cyber operations against US victims.

The UK authorities published a related statement, imposing sanctions on two of the hackers for a breach of the UK Electoral Commission systems that might have given them access to information about tens of millions of UK voters.
