Attacks deployed by Chinese state-backed threat operation APT31 against numerous U.S. and Western politicians, journalists, foreign policy experts, and dissidents between 2015 and 2024 also involved the targeting of their family members as part of the group's cyberespionage efforts, according to CyberScoop.
Malicious emails with tracking links, which when clicked would reveal key device, network, and IP information, have been sent by APT31 to the family members of their targets, with the Chinese hackers later using the obtained information to facilitate reconnaissance efforts against higher-value targets, an unsealed indictment from U.S. prosecutors revealed.
Such targeting indicates a two-pronged approach leveraged by Chinese state-sponsored hackers, said Atlantic Council Global China Hub nonresident fellow Dakota Cary.
"I think it's clear to see that family is explicitly on the table for China, whether that's to get through the family to a specific target or go after the family themselves," Cary added.
Meanwhile, Mandiant and Google Cloud Principal Analyst Michael Raggi noted the distinction between APT31's attacks and other Chinese critic intimidation efforts.