Download the all-new Republic app:

Published 15:33 IST, July 21st 2023

Here are 5 recently identified Chinese hacking teams: Report

Authorities from China have consistently denied any form of state-sponsored hacking, saying China itself is a frequent target of cyberattacks.

Reported by: Thomson Reuters
Follow: Google News Icon
  • share
Beijing calls US the empire of hacking | Image Credit: Pixabay | Image: self
Advertisement

Chinese hacking teams have been blamed by Western intelligence agencies and cybersecurity groups for digital intrusion campaigns across the world, targeting everything from government and military organisations to corporations and media groups.

China's authorities have consistently denied any form of state-sponsored hacking, saying China itself is a frequent target of cyberattacks. Beijing has called the US "the empire of hacking."

Advertisement

Some of the Chinese hacking teams recently identified are:

STORM-0558

Chinese hackers have since May secretly accessed email accounts at around 25 organisations, including US government agencies, Microsoft and US officials have said.

These include the accounts of US Commerce Secretary Gina Raimondo and, according to a Wall Street Journal report on Thursday, US envoy to China Nicholas Burns and Daniel Kritenbrink, the assistant secretary of state for East Asia.

Microsoft said a China-based actor, which it nicknamed Storm-0558, misappropriated one of its digital keys and used a flaw in its code to steal emails.

Advertisement

China's embassy in Washington said in a statement that identifying the source of cyber attacks was complex and warned against "groundless speculations and allegations."

Chinese hackers

Cybersecurity firms believe many of those groups are backed by China's government | Image Credit: Pixabay

Advertisement

'VOLT TYPHOON'

Western intelligence agencies and Microsoft said on May 24 that Volt Typhoon, a group they described as state-sponsored, had been spying on a range of US critical infrastructure organisations, from telecommunications to transportation hubs.

They described the attacks in 2023 as one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure.

Advertisement

China's foreign ministry rejected the claims.

'BACKDOORDIPLOMACY'

A Reuters report in May identified BackdoorDiplomacy as being behind a widespread series of digital intrusions over several years against key Kenyan ministries and state institutions. The Chinese authorities said it was not aware of such hacking and described the accusations as baseless.

Palo Alto Networks, a US cybersecurity firm, said its research showed BackdoorDiplomacy had links to the Chinese state and was part of the APT15 hacking group.

APT 41

Chinese hacking team APT 41, which is also known as Wintti, Double Dragon and Amoeba, has conducted a mix of government-backed cyber intrusions and financially motivated data breaches, according to US-based cybersecurity firms FireEye and Mandiant.

The US secret service said the team had stolen US COVID-19 relief benefits worth tens of millions of dollars between 2020 and 2022.

Taiwan-based cybersecurity firm TeamT5 said the group had targeted government, telecoms and media victims in Japan, Taiwan, South Korea, the United States and Hong Kong.

APT 41 was named by the US Department of Justice in September 2020 in relation to charges brought against seven hackers for allegedly compromising more than 100 companies around the world.

The Chinese authorities have described such reports as "groundless accusations."

APT 27

Western intelligence agencies and cybersecurity researchers say the Chinese hacking team APT 27 is sponsored by the state and has launched multiple attacks on Western and Taiwanese government agencies.

APT 27 claimed responsibility for cyberattacks against Taiwan in 2022 during a visit by then US House of Representatives Speaker Nancy Pelosi, saying it acted as a protest because Pelosi defied China's warnings not to visit.

Cybersecurity firm Mandiant said last year the group compromised the computer networks of at least six US state governments between May 2021 and February 2022, while the German authorities named blamed it for attacks against German pharmaceutical, technology and other companies. 

14:11 IST, July 21st 2023