PRC Spokesman Denies Cyber Campaign Allegations

What’s going on: 

In a recent media interview, a PRC spokesperson rejected the allegations, saying the “so-called cyber attacks by China against UK, are completely fabricated and malicious slanders” and continuing: “We strongly oppose such accusations. China has always firmly fought all forms of cyber attacks accordingly to law. China does not encourage, support or condone cyber attacks”.

Despite these comments, investigations regarding the Chinese-sponsored APT31 (Judgement Panda) are currently underway in Finland, New Zealand, and the United Kingdom, beginning with incidents occurring between 2020 and 2022. Some sources, including US intelligence officials, state that a global hacking campaign is still APT31’s current M.O. (modus operandi).

Where it’s happening:

In New Zealand: A public post was made by Bill Bishops’ “X” (formerly “Twitter”) account regarding this ongoing cyber breach. This intrusion, dating back to 2021, appears to have targeted parliamentary networks. The Government Communications Service Bureau (GCSB) of New Zealand has also established links to Judgement Panda in this ongoing attack. Earlier attacks like this against New Zealand, dating back before this 2020/2021 attack, have been attributed to APT40 (Leviathan), another PRC-backed group.

In Finland: Beginning with a 2020 police report, Finnish police began an investigation into malicious cyber activity on parliamentary information systems occurring between Fall 2020 and early 2021, stating that APT31 was the primary suspect. Finnish police have recently confirmed this suspicion and identified a suspect, details of which have not been publicized. In a public statement, the head of the investigation, Detective Chief Inspector Aku Limnell, stated: “The criminal investigation has been demanding and time consuming because it has involved challenging investigations into complex criminal infrastructure.” The Finland Police Service’s criminal investigation into APT31 is still ongoing.

In the United Kingdom: The UK government has recently disclosed two malicious cyber campaigns aimed at democratic institutions and parliamentarians. The first campaign, which took place between late 2021 and October 2022, allegedly involved Beijing gaining access to the personal details of approximately 40 million voters, as stored by the Electoral Commission. Notably, authorities have stated that despite the breach, there was no impact on the electoral process or registrations.

In a more targeted effort, the second campaign saw UK intelligence pointing to APT31 as the likely perpetrator. This campaign involved reconnaissance activity directed at UK parliamentarians, specifically those who are prominent critics of China. British intelligence has labeled the attempt as “highly likely” to have been orchestrated by APT31, yet they have affirmed that none of the targeted politicians’ accounts were compromised.

In the United States: APT31 has been accused of high-profile attacks in the past: In 2020, both Google and Microsoft issued warnings regarding the group’s targeting of personal emails belonging to campaign staff associated with Joe Biden. Recent revelations from the US Justice Department have shed light on a much larger and prolonged campaign spanning 14 years on a global scale.

The scope of this campaign is staggering, with targets ranging from political dissidents and critics of China to US government officials, political candidates, and American companies. The Justice Department has confirmed that the number of targets runs into the thousands, with some of the compromised activities including access to email accounts, cloud storage accounts, and telephone call records. Of particular concern is the duration of some of these surveillance efforts, with the Justice Department noting that certain email account monitoring lasted “many years.”

How the attacks were conducted:

Critics of China’s government and supporters of Chinese political dissidents appear to have been a common target of the hackers’ campaigns, according to UK and US authorities.

The UK and the US allege that APT31 used phishing techniques – in which victims are sent emails containing links that steal their private details – in order to access sensitive information. Phishing takes many forms, however: APT31 used spear phishing, whaling, and basic spam techniques to go after journalists, government officials and politicians in order to gain access to government networks and information. US Deputy Attorney General Lisa Monaco revealed that over 10,000 such emails, masquerading as communications from news outlets, politicians, and critics of China, were sent as part of the campaign.

These phishing emails purportedly contained concealed tracking links. Upon opening, recipients inadvertently transmitted information such as their location, device details, and IP address to a server controlled by the hackers. With this acquired data, APT31 purportedly engaged in more targeted hacking endeavors.
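For defenders triaging a reported message, the following added example (not from the original article or from any agency's tooling) lists remote images in an HTML email that look like open-tracking beacons. It assumes the concealed tracking link is a remotely loaded image, which the reporting does not specify; the sample message, hosts and token are constructed placeholders.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample message; hosts and the token are placeholders.
SAMPLE = """\
From: "News Desk" <desk@news.example>
To: staffer@parliament.example
Subject: Request for comment
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please see our <a href="https://news.example/story">draft article</a>.</p>
<img src="https://news.example/logo.png" width="120" height="40">
<img src="https://cdn.tracker.example/o.gif?rid=8f3a1c" width="1" height="1">
</body></html>
"""

class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in the HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def find_open_beacons(raw_message):
    """Return remote images that look like open-tracking beacons."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []  # no HTML part, so nothing is fetched on open
    collector = _ImgCollector()
    collector.feed(body.get_content())
    findings = []
    for img in collector.images:
        url = urlsplit(img.get("src") or "")
        if url.scheme not in ("http", "https"):
            continue  # cid:/data: images are embedded, nothing is fetched
        reasons = []
        if img.get("width") in ("0", "1") and img.get("height") in ("0", "1"):
            reasons.append("invisible 1x1 image")
        if parse_qs(url.query):
            reasons.append("query string can identify the recipient")
        if reasons:
            findings.append({"host": url.hostname, "reasons": reasons})
    return findings
```

Disabling automatic loading of remote content in the mail client or at the mail gateway prevents the request that would reveal the recipient's IP address and device details.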

“Personally, I’ve had a wolf warrior that was impersonating me for some time using a fake email address, emailing all sorts of politicians around the world, saying that I’d recanted my views, also saying basically that I was a liar — all these sorts of things to various people,” British Parliamentarian Sir Iain Duncan Smith told VOA.

“I only came to know about it because I know some of them, and they were sending this back to me to say, ‘Why are you sending me emails recanting and basically calling yourself a liar?'” Smith said.

While no parliamentary accounts were successfully breached in the UK, prosecutors noted that hackers sent over 10,000 emails impersonating journalists and other figures. These emails contained malicious code that would give hackers access to the victims’ location, IP addresses and devices.

These same tactics appear to also have been used against the Finnish and New Zealand parliamentary and government systems in question. The full scope of their success against these countries, however, has yet to be made public.

Anthony J Daw
Cybersecurity Specialist, enthusiast of Python 3 & SQL, Hater of Windows PowerShell. Here to write to you about the wonderful world of Cybercrime, Espionage, and Cyberwarfare.
