US sanctions APT31 hackers behind critical infrastructure attacks
The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security as cover in attacks against U.S. critical infrastructure organizations.
The Office of Foreign Assets Control has also designated two Chinese nationals linked to the Chinese state-backed hacking group APT31, who worked as contractors for the MSS front company Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), for their involvement in the same attacks and for "Endangering U.S. national security."
The United Kingdom also sanctioned Wuhan XRZ and the two APT31 operatives for targeting UK parliamentarians, hacking the GCHQ intelligence agency, and breaching the UK's Electoral Commission systems.
In July 2021, the U.S. and its allies, including the European Union, the United Kingdom, and NATO, also officially blamed the MSS-linked Chinese state-backed APT40 and APT31 threat groups for a widespread Microsoft Exchange hacking campaign.