Security News > 2024 > March > US sanctions APT31 hackers behind critical infrastructure attacks
The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security as cover in attacks against U.S. critical infrastructure organizations.
The Office of Foreign Assets Control has also designated two Chinese nationals linked to the APT31 Chinese state-backed hacking group and who worked as contractors for the Wuhan Xiaoruizhi Science and Technology Company, Limited MSS front company for their involvement in the same attacks and "Endangering U.S. national security."
The United Kingdom also sanctioned Wuhan XRZ and the two APT31 operatives for targeting UK parliamentarians, hacking the GCHQ intelligence agency, and breaching the UK's Electoral Commission systems.
In July 2021, the U.S. and its allies, including the European Union, the United Kingdom, and NATO, also officially blamed the MSS-linked Chinese state-backed APT40 and APT31 threat groups for a widespread Microsoft Exchange hacking campaign.
Chinese hackers hid in US infrastructure network for 5 years.
CISA shares critical infrastructure defense tips against Chinese hackers.
News URL
Related news
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- US shares tips to block hackers behind recent telecom breaches (source)
- Vodka maker Stoli files for bankruptcy in US after ransomware attack (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)