Security News > 2024 > March > US sanctions APT31 hackers behind critical infrastructure attacks
The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security as cover in attacks against U.S. critical infrastructure organizations.
The Office of Foreign Assets Control has also designated two Chinese nationals linked to the APT31 Chinese state-backed hacking group and who worked as contractors for the Wuhan Xiaoruizhi Science and Technology Company, Limited MSS front company for their involvement in the same attacks and "Endangering U.S. national security."
The United Kingdom also sanctioned Wuhan XRZ and the two APT31 operatives for targeting UK parliamentarians, hacking the GCHQ intelligence agency, and breaching the UK's Electoral Commission systems.
In July 2021, the U.S. and its allies, including the European Union, the United Kingdom, and NATO, also officially blamed the MSS-linked Chinese state-backed APT40 and APT31 threat groups for a widespread Microsoft Exchange hacking campaign.
Chinese hackers hid in US infrastructure network for 5 years.
CISA shares critical infrastructure defense tips against Chinese hackers.
News URL
Related news
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- US says Chinese hackers breached multiple telecom providers (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)