US charges two Chinese spies for a global hacking campaign that targeted COVID-19 research
The 11-count indictment, unsealed on Tuesday, July 22, alleges that Li Xiaoyu, 34, and Dong Jiazhi, 33, said to be working for China’s state intelligence bureau, stole terabytes of data from high-technology companies around the world, including in the United States, the prosecutors said.
The prosecutors accused the hackers of recently targeting the networks of over a dozen U.S. companies in Maryland, Massachusetts, and California developing vaccines and treatments for COVID-19.
The indictment comes just weeks after both the FBI and Homeland Security warned that China was actively trying to steal U.S. research data related to the coronavirus pandemic.
The hackers were first discovered after they targeted a U.S. Department of Energy network in Hanford, Washington, the Justice Department said.
The prosecutors said the hackers also targeted companies in Australia, South Korea, and several European nations, using known but unpatched vulnerabilities in widely used web server software to break into their victims’ networks. After gaining a foothold on a network, the hackers installed password-stealing software to gain deeper access to the victims’ systems.
The prosecutors also said that the hackers would “frequently” return to the networks — in some cases years later.
According to the indictment, the hackers stole “hundreds of millions of dollars” worth of trade secrets and intellectual property. The prosecutors also allege that the hackers stole data related to military satellite programs, military wireless networks, and high-powered microwave and laser systems from defense contractors.
The hackers are said to have targeted their victims on behalf of China’s intelligence services, but also hacked for personal financial gain.
In one case, prosecutors said the hackers “sought to extort cryptocurrency” from a victim company by threatening to publish the victim’s stolen source code online.
John C. Demers, U.S. assistant attorney general for national security, said that the indictments were “concrete examples” of how China used hackers to “rob, replicate and replace” non-Chinese companies in the global marketplace.
Demers also accused China of providing a safe haven for the hackers.
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Demers.
Mandiant, the incident response division of security firm FireEye, said it has tracked the hackers since 2013 and that the tactics, techniques, and procedures used by the hackers are “consistent” with its findings.
“The Chinese government has long relied on contractors to conduct cyber intrusions,” said Ben Read, senior manager of analysis at Mandiant, in an email. “Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations.”
“The pattern described in the indictment, where the contractors conducted some operations on behalf of their government sponsors, while others were for their own profit, is consistent with what we have seen from other China-nexus groups such as APT41,” he said, referring to the Chinese advanced persistent threat group associated with the indictment.
If convicted, the wanted hackers could each face more than 40 years in prison. But prosecutors believe the hackers are in China, and extradition to the U.S. is unlikely because of the strained relationship between China and the U.S.