Treasury Sanctions ChinaLinked Hackers for Targeting US Critical Infrastructure US Department of the Treasury

pRole of the TreasuryppOfficialsppOrganizational ChartppOrders and DirectivesppDiversity Equity Inclusion and Accessibility ppDomestic FinanceppEconomic PolicyppGeneral CounselppInternational AffairsppManagementppPublic AffairsppTax PolicyppTerrorism and Financial IntelligenceppTribal and Native AffairsppInspectors GeneralppAlcohol and Tobacco Tax and Trade Bureau TTBppBureau of Engraving Printing BEPppFinancial Crimes Enforcement Network FinCENppBureau of the Fiscal Service BFSppInternal Revenue Service IRSppOffice of the Comptroller of the Currency OCCppUS MintppOffice of Inspector General OIGppTreasury Inspector General for Tax Administration TIGTAppSpecial Inspector General for the Troubled Asset Relief Program SIGTARPppSpecial Inspector General for Pandemic Recovery SIGPRppStrategic PlanppBudget RequestAnnual Performance Plan and ReportsppAgency Financial ReportppInspector General Audits and Investigative ReportsppClimate Action PlanppIRS Strategic Operating PlanppCuratorppHistory OverviewppPrior SecretariesppPrior TreasurersppThe Treasury BuildingppCollectionsppFreedmans Bank BuildingppAt HeadquartersppAt Our Bureaus ppTop 10 Reasons to Work HereppBenefits and GrowthppDiversity ppVeterans EmploymentppPathwaysppHow to ApplyppSearch JobsppThe Fair Chance to Compete ActppAmerican Families and WorkersppSmall BusinessesppState Local and Tribal GovernmentsppAmerican IndustryppRevenue ProposalsppTax ExpendituresppInternational TaxppTreaties and Related DocumentsppForeign Account Tax Compliance Act FATCA ppReportsppTax AnalysisppTax Regulatory ProcessppTreasury Coupon IssuesppCorporate Bond Yield CurveppEconomic Policy ReportsppSocial Security and MedicareppTotal Taxable ResourcesppSanctionsppAsset ForfeitureppDomestic Violent Extremismpp311 ActionsppTerrorist Finance Tracking ProgramppMoney LaunderingppFinancial Action Task ForceppProtecting Charitable OrganizationsppTreasury Quarterly RefundingppInterest Rate StatisticsppTreasury SecuritiesppTreasury Investor DatappDebt Management ResearchppCash and Debt ForecastingppDebt LimitppFinancial Stability Oversight CouncilppFederal Insurance OfficeppRESTORE Actpp1603 ProgramppThe Community Development Financial Institution CDFI FundppMaking Home AffordableppSpecially Designated Nationals List SDN ListppConsolidated Sanctions ListppSearch OFACs Sanctions ListsppAdditional Sanctions ListsppOFAC Recent ActionsppSanctions Programs and Country InformationppFrequently Asked QuestionsppOFAC Civil Penalties and EnforcementppContact OFACppFinancial Literacy and Education CommissionppMymoneygovppInnovations in Financial ServicesppFeatured ResearchppThe Committee on Foreign Investment in the United States CFIUSppOutbound Investment Security Program ppExchange Stabilization FundppG7 and G20ppInternational Monetary FundppMultilateral Development BanksppMacroeconomic and Foreign Exchange Policies of Major Trading PartnersppExchange Rate AnalysisppUSChina Comprehensive Strategic Economic Dialogue CEDppSmall and Disadvantaged Business UtilizationppSmall Business Lending FundppState Small Business Credit InitiativeppDaily Treasury Par Yield Curve RatesppDaily Treasury Par Real Yield Curve RatesppDaily Treasury Bill RatesppDaily Treasury LongTerm RatesppDaily Treasury Real LongTerm Ratespp ppTreasury Coupon IssuesppCorporate Bond Yield CurveppYour Guide to Americas FinancesppMonthly Treasury StatementppDaily Treasury StatementppUSAspendinggovppNational Debt to the PennyppHistorical Debt OutstandingppMonthly Statement of the Public Debt ppDebt Management Overview and Quarterly Refunding ProcessppMost Recent DocumentsppArchivesppWebcastspp ppUS International Portfolio Investment StatisticsppRelease DatesppForms and InstructionsppTIC Press ReleasesppReportsppReport COVID19 Scam AttemptsppReport Scam AttemptsppReport Fraud Related to Government ContractsppInspectors GeneralppBuy Manage and RedeemppTreasury Hunt Search for Matured BondsppCashing Savings Bonds in DisasterDeclared AreasppFrequently Asked QuestionsppPay for Results SIPPRAppRESTORE ActppCommunity Development Financial Institution CDFI FundppWhere is my RefundppLost or Expired CheckppDirect Express CardppNonBenefit Federal PaymentsppElectronic Federal Benefit Payments GoDirectppShop for Coin ProductsppShop for Currency Products ppRedeem Damaged CurrencyppBureau of Engraving and PrintingppUS Mintpp ppIRS AuctionsppReal EstateppGeneral Property Vehicles Vessels AircraftppApplicationsppFrequently Asked Questionspp ppInternal Revenue Service IRS ppIRS Forms Instructions PublicationsppRefund StatusppForeign Account Tax Compliance ActppIRS Forms and InstructionsppSavings Bonds Treasury SecuritiesppBank Secrecy Act Fincen 114 and moreppOFAC License ApplicationppOFAC ReportingppTreasury International Capital TICppEnterprise Applications EAppTreasury Franchise Fund TFFppAdministrative Resource Center ARCppShared Services Program SSPppFinancial Management Quality Service Management Office Marketplace CatalogppTreasuryDirectppInvoice Processing PlatformppHistoric Treasury BuildingppLibraryppCuratorppBureau of Engraving and PrintingppUS MintppPress ContactsppWeekly Public Schedule ArchiveppWebcastsppMedia Advisories ArchiveppSubscribe to Press ReleasesppThe US and UK take action against actors affiliated with the Chinese statesponsored APT 31 hacking group ppWASHINGTON Today the Department of the Treasurys Office of Foreign Assets Control OFAC sanctioned Wuhan Xiaoruizhi Science and Technology Company Limited Wuhan XRZ a Wuhan Chinabased Ministry of State Security MSS front company that has served as cover for multiple malicious cyber operations OFAC is also designating Zhao Guangzong and Ni Gaobin two Chinese nationals affiliated with Wuhan XRZ for their roles in malicious cyber operations targeting US entities that operate within US critical infrastructure sectors directly endangering US national security This action is part of a collaborative effort with the US Department of Justice Federal Bureau of Investigation FBI Department of State and the United Kingdom Foreign Commonwealth Development Office FCDO ppPeoples Republic of China PRC statesponsored malicious cyber actors continue to be one of the greatest and most persistent threats to US national security as highlighted in the most recent Office of the Director of National Intelligence Annual Threat AssessmentppThe United States is focused on both disrupting the dangerous and irresponsible actions of malicious cyber actors as well as protecting our citizens and our critical infrastructure said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E Nelson Through our wholeofgovernment approach and in close coordination with our British partners Treasury will continue to leverage our tools to expose these networks and protect against these threatsppToday the Department of Justice unsealed indictments of Zhao Guangzong Ni Gaobin and five other defendants and the US Department of State announced a Rewards for Justice offer for information on these individuals their organization or any associated individuals or entities and the UK Foreign Commonwealth Development Office implemented matching sanctionsppAn Advanced Persistent Threat APT is a sophisticated cyber actor or group with the capability to conduct advanced and sustained malicious cyber activity often with the goal of maintaining ongoing access to a victims network Information security researchers will categorize and name certain APTs based on observed patterns such as the location of the perpetrators the types of victims targeted and the techniques used in the malicious cyber activity APT 31 is a collection of Chinese statesponsored intelligence officers contract hackers and support staff that conduct malicious cyber operations on behalf of the Hubei State Security Department HSSD APT 31 has targeted a wide range of highranking US government officials and their advisors integral to US national security including staff at the White House the Departments of Justice Commerce the Treasury and State members of Congress including both Democrat and Republican Senators the United States Naval Academy and the United States Naval War Colleges China Maritime Studies Institute ppAPT 31 has targeted victims in some of Americas most vital critical infrastructure sectors including the Defense Industrial Base information technology and energy sectors APT 31 actors have gained unauthorized access to multiple Defense Industrial Base victims including a defense contractor that manufactured flight simulators for the US military a Tennesseebased aerospace and defense contractor and an Alabamabased aerospace and defense research corporation Additionally APT 31 actors gained unauthorized access to a Texasbased energy company as well as a Californiabased managed service provider ppIn 2010 the HSSD established Wuhan XRZ as a front company to carry out cyber operations This malicious cyber activity resulted in the surveillance of US and foreign politicians foreign policy experts academics journalists and prodemocracy activists as well as persons and companies operating in areas of national importance In 2018 employees of Wuhan XRZ conducted an APT 31 malicious cyber operation on a Texasbased energy company gaining unauthorized access ppOFAC is designating Wuhan XRZ pursuant to Executive Order EO 13694 as amended by EO 13757 EO 13694 as amended for being responsible for or complicit in or having engaged in directly or indirectly cyber enabled activities originating from or directed by persons located in whole or in substantial part outside the United States that are reasonably likely to result in or has materially contributed to a significant threat to the national security foreign policy or economic health or financial stability of the United States and that have the purpose or effect of harming or otherwise significantly compromising the provision of services by a computer or network of computers that support one or more entities in a critical infrastructure sector ppZhao Guangzong is a Chinese national who has conducted numerous malicious cyber operations against US victims as a contractor for Wuhan XRZ Zhao Guangzong was behind the 2020 APT 31 spear phishing operation against the United States Naval Academy and the United States Naval War Colleges China Maritime Studies Institute Additionally Zhao Guangzong has conducted numerous spear phishing operations against Hong Kong legislators and democracy advocates ppOFAC is designating Zhao Guangzong pursuant to EO 13694 as amended for being owned or controlled by or having acted or purported to act for or on behalf of directly or indirectly Wuhan XRZ an entity whose property or interest in property are blocked pursuant to EO 13694 as amendedppNi Gaobin is a Chinese national who has conducted numerous malicious cyber operations against US victims Ni Gaobin assisted Zhao Guangzong in many of his most high profile malicious cyber activities while Zhao Guangzong was a contractor at Wuhan XRZ including the 2020 spear phishing operation against the United States Naval Academy and United States Naval War Colleges China Maritime Studies Institute ppOFAC is designating Ni Gaobin pursuant to EO 13694 as amended for being owned or controlled by or having acted or purported to act for or on behalf of directly or indirectly Wuhan XRZ an entity whose property or interest in property are blocked pursuant to EO 13694 as amendedppAs a result of todays action all property and interests in property of the designated persons and entity described above that are in the United States or in the possession or control of US persons are blocked and must be reported to OFAC In addition any entities that are owned directly or indirectly individually or in the aggregate 50 percent or more by one or more blocked persons are also blocked Unless authorized by a general or specific license issued by OFAC or exempt OFACs regulations generally prohibit all transactions by US persons or within or transiting the United States that involve any property or interests in property of designated or otherwise blocked persons ppIn addition financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action The prohibitions include the making of any contribution or provision of funds goods or services by to or for the benefit of any designated person or the receipt of any contribution or provision of funds goods or services from any such person ppThe power and integrity of OFAC sanctions derive not only from OFACs ability to designate and add persons to the SDN List but also from its willingness to remove persons from the SDN List consistent with the law The ultimate goal of sanctions is not to punish but to bring about a positive change in behavior For information concerning the process for seeking removal from an OFAC list including the SDN List please refer to OFACs Frequently Asked Question 897 here For detailed information on the process to submit a request for removal from an OFAC sanctions list please click hereppClick here for more information on the individuals and entities designated todaypp pppp p