• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

 | 

New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

 | 

Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

 | 

'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

 | 

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

 | 

Norway confirms dam intrusion by Pro-Russian hackers

 | 

Zoom patches critical Windows flaw allowing privilege escalation

 | 

Manpower data breach impacted 144,180 individuals

 | 

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical FortiSIEM flaw under active exploitation, Fortinet warns

 | 

Charon Ransomware targets Middle East with APT attack methods

 | 

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

 | 

SAP fixed 26 flaws in August 2025 Update, including 4 Critical

 | 

August 2025 Patch Tuesday fixes a Windows Kerberos Zero-Day

 | 

Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs

 | 

Chrome sandbox escape nets security researcher $250,000 reward

 | 

Smart Buses flaws expose vehicles to tracking, control, and spying

 | 

MedusaLocker ransomware group is looking for pentesters

 | 

Google confirms Salesforce CRM breach, faces extortion threat

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 57

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • APT
  • Breaking News
  • Intelligence
  • Laws and regulations
  • Security
  • US Treasury Dep announced sanctions against members of China-linked APT31

US Treasury Dep announced sanctions against members of China-linked APT31

Pierluigi Paganini March 26, 2024

The US Treasury Department announced sanctions on two APT31 Chinese hackers linked to attacks against organizations in the US critical infrastructure sector.

The US government announced sanctions against a pair of Chinese hackers (Zhao Guangzong and Ni Gaobin), alleged members of the China-linked APT31 group, who are responsible for “malicious cyber operations targeting U.S. entities that operate within U.S. critical infrastructure sectors.”

The U.S. Treasury Department has sanctioned a tech company based in Wuhan, the Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), used by the Chinese Ministry of State Security (MSS) as a front in attacks against organizations in the U.S. critical infrastructure sector.

“Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a Wuhan, China-based Ministry of State Security (MSS) front company that has served as cover for multiple malicious cyber operations. OFAC is also designating Zhao Guangzong and Ni Gaobin, two Chinese nationals affiliated with Wuhan XRZ, for their roles in malicious cyber operations targeting U.S. entities that operate within U.S. critical infrastructure sectors, directly endangering U.S. national security.” reads the press release published by the U.S. Treasury Department. “This action is part of a collaborative effort with the U.S. Department of Justice, Federal Bureau of Investigation (FBI), Department of State, and the United Kingdom Foreign, Commonwealth & Development Office (FCDO).”

The U.S. Treasury Department states that China-linked APT groups continue to be one of the greatest and most persistent threats to U.S. national security.

The US Department of Justice unsealed an indictment against 7 Chinese nationals, including the two members of the APT31 group.

The indictment charged seven Chinese nationals with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in the APT31 China-based hacking group.

For around 14 years, the group has targeted critics, businesses, and political officials in the United States and abroad as part of China’s economic espionage and foreign intelligence goals.

The defendants are Ni Gaobin (倪高彬), 38; Weng Ming (翁明), 37; Cheng Feng (程锋), 34; Peng Yaowen (彭耀文), 38; Sun Xiaohui (孙小辉), 38; Xiong Wang (熊旺), 35; and Zhao Guangzong (赵光宗), 38. All are believed to reside in the PRC.

China-linked cybereaspionage group APT31 (aka Zirconium, Judgment Panda, and Red Keres) was involved in multiple cyber espionage operations, it made the headlines in 2022 after the Check Point Research team discovered that the group used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool, years before it was leaked online by Shadow Brokers hackers.

In July 2021, the French national cyber-security agency ANSSI warned of ongoing attacks against a large number of French organizations conducted by the Chine-linked APT31 cyberespionage group. The state-sponsored hackers were hijacking home routers to set up a proxy mesh of compromised devices to conceal its attack infrastructure.

The cyberespionage group targeted entities in EU, the United States, Canada in previous campaigns. In August 2021, the APT31 group employed a new strain of malware in attacks aimed at entities in Mongolia, Belarus, Canada, the US, and Russia.

“The APT31 Group was part of a cyberespionage program run by the MSS’s Hubei State Security Department, located in the city of Wuhan. Through their involvement with the APT31 Group, since at least 2010, the defendants conducted global campaigns of computer hacking targeting political dissidents and perceived supporters located inside and outside of China, government and political officials, candidates, and campaign personnel in the United States and elsewhere and American companies.” reads the press release published by DoJ. “The defendants and others in the APT31 Group targeted thousands of U.S. and foreign individuals and companies. Some of this activity resulted in successful compromises of the targets’ networks, email accounts, cloud storage accounts, and telephone call records, with some surveillance of compromised email accounts lasting many years.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, APT31)


facebook linkedin twitter

APT31 China Cyberespionage Hacking hacking news information security news IT Information Security malware Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini August 17, 2025
Colt Technology faces multi-day outage after WarLock ransomware attack
Read more
Pierluigi Paganini August 17, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 58
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

    APT / August 16, 2025

    New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

    Malware / August 15, 2025

    Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

    Security / August 15, 2025

    'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

    Malware / August 15, 2025

    Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

    Hacking / August 15, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT