Microsoft discloses Zirconium (APT31) targeting of 2020 US presidential campaign and international affairs community
PRC state-sponsored intrusion set publicly attributed to the Ministry of State Security's Hubei State Security Department, operating through the front company Wuhan Xiaoruizhi Science and Technology…
Summary
Microsoft's Customer Security & Trust team reported that Zirconium — the Microsoft alias for APT31 — had launched thousands of attacks between March and September 2020, resulting in nearly 150 compromises. The China-based group indirectly targeted the Joe Biden for President campaign via non-campaign email accounts of affiliated individuals, as well as academics at more than 15 universities and 18 international affairs organizations including the Atlantic Council and Stimson Center, using web-beacon reconnaissance tied to attacker-controlled domains.
Tags
Primary source
blogs.microsoft.comOther APT31 events
- 2025-05-28Czech Republic publicly attributes multi-year MFA intrusion to APT31
- 2024-03-25UK sanctions APT31 front company and operators over Electoral Commission breach and parliamentary targeting
- 2024-03-25Treasury sanctions Wuhan XRZ front company and two APT31 hackers for targeting US critical infrastructure
- 2024-03-25DOJ unseals indictment charging seven APT31 hackers tied to MSS Hubei State Security Department