APT31/Wuhan Xiaoruizhi Science & Technology Company, Ltd.

Global | East Asia and Pacific

Reward

Up to $10 million

Do your part.

The U.S. Department of State’s Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act. 

Advanced Persistent Threat 31 (APT31) is a collection of Chinese state-sponsored intelligence officers, contract hackers, and support staff that conduct malicious cyber operations on behalf of the Hubei State Security Department (HSSD), a provincial branch of the Ministry of State Security. The group is also known by cybersecurity researchers as Zirconium, Violet Typhoon, Judgment Panda, and Altaire.

APT31 has targeted a wide range of victims linked to U.S. national security including staff at the White House; the U.S. Departments of Justice, Commerce, Treasury, and State; members of the U.S. Congress, including both Democrat and Republican Senators; the United States Naval Academy; and the United States Naval War College’s China Maritime Studies Institute.  

APT31 has targeted victims in some of America’s most vital critical infrastructure sectors, including the Defense Industrial Base, information technology, telecommunications, energy, and financial sectors. APT31 hackers have gained unauthorized access to multiple Defense Industrial Base victims, including a cleared defense contractor that manufactured flight simulators for the U.S. military, a Tennessee-based cleared aerospace and defense contractor, and an Alabama-based aerospace and defense research corporation. Additionally, APT31 hackers gained unauthorized access to a Texas-based energy company, as well as a California-based managed service provider.  

In 2010, the HSSD established the Wuhan Xiaoruizhi Science and Technology Company, Limited (武汉晓睿智科技有限责任公司; Wuhan XRZ) as a front company to carry out sophisticated cyber espionage from its base of operations in Wuhan, Hubei Province, China.  

Wuhan XRZ’s cyber operations resulted in the surveillance of U.S. and foreign politicians, foreign policy experts, academics, journalists, and democracy activists, as well as persons and companies operating in areas of national importance. In 2018, Wuhan XRZ launched an APT31 cyberattack on a Texas-based energy company.  

Chinese nationals Cheng Feng (程锋), Ni Gaobin (倪高彬), Peng Yaowen (彭耀文), Sun Xiaohui (孙小辉), Weng Ming (翁明), Xiong Wang (熊旺), and Zhao Guangzong (赵光宗) are malicious cyber actors affiliated with Wuhan XRZ.

Zhao and Ni have conducted numerous cyberattacks against U.S. victims as contractors for Wuhan XRZ and were behind the 2020 APT31 spear phishing operation against the United States Naval Academy and the United States Naval War College’s China Maritime Studies Institute.

The other five individuals have collaborated with Ni and Zhao by developing malware, devising malicious cyber processes, and assisting in cyber intrusions against a long list of U.S. victims associated with U.S. government and critical infrastructure sectors. 

Anyone with information on APT31, Wuhan XRZ, Cheng Feng, Ni Gaobin, Peng Yaowen, Sun Xiaohui, Weng Ming, Xiong Wang, and Zhao Guangzong, or their malicious cyber activity should contact Rewards for Justice via the Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required). 
