US accuses two Chinese spies of global hacking campaign targeting COVID-19 research – TechCrunch
U.S. prosecutors have indicted two Chinese nationals, said to have worked with China's state intelligence service, over their alleged involvement in a global hacking operation that targeted hundreds of businesses and governments for more than a decade.
The 11-count indictment, unsealed Tuesday, alleges that Li Xiaoyu, 34, and Dong Jiazhi, 33, stole terabytes of data from high-tech companies around the world, including in the United States.
More recently, prosecutors said, the hackers targeted the networks of more than a dozen U.S. companies in Maryland, Massachusetts and California that are developing COVID-19 vaccines and treatments.
The indictment comes just weeks after the FBI and Homeland Security warned China was actively trying to steal U.S. research data linked to the coronavirus pandemic.
The hackers were first discovered after targeting a U.S. Department of Energy network in Hanford, Wash., the Department of Justice said. They also targeted businesses in Australia, South Korea and several European countries. To break into victims' networks, the hackers exploited known but unpatched vulnerabilities in widely used web server software. Once they had a foothold on a network, they installed credential-stealing software to gain deeper access to the victim's systems. Prosecutors said the hackers would return to the networks "frequently," in some cases years later.
According to the indictment, the hackers stole "hundreds of millions of dollars" worth of trade secrets and intellectual property. Prosecutors also allege that they stole data related to military satellite programs, military wireless networks, and high-power microwave and laser systems from defense contractors.
The hackers reportedly targeted their victims on behalf of Chinese intelligence, but also hacked for personal financial gain. In one case, prosecutors said, the hackers "sought to extort cryptocurrency" from a victim business by threatening to post the victim's stolen source code online.
John C. Demers, Assistant Attorney General for National Security, said the indictments were "real examples" of how China has used hackers to "steal, duplicate and replace" non-Chinese companies in the global market.
Demers also accused China of providing safe haven for hackers.
"China has now taken its place, alongside Russia, Iran and North Korea, in this shameful club of nations that offer safe haven to cybercriminals in exchange for these 'on-call' criminals working for the benefit of the state, here to feed the Chinese Communist Party's insatiable hunger for the hard-earned intellectual property of American and other non-Chinese companies, including COVID-19 research," Demers said.
Mandiant, the incident response division of security firm FireEye, said it has been tracking the hackers since 2013 and that the tactics, techniques and procedures they use are "consistent" with its own findings.
"The Chinese government has long relied on contractors to carry out cyber intrusions," Ben Read, senior director of analysis at Mandiant, said in an email. "The use of these freelancers allows the government to access a wider range of talent, while providing some deniability in the conduct of these operations."
"The pattern described in the indictment, that the contractors carried out some operations on behalf of their government sponsors while others were for their own benefit, is consistent with what we have seen from other China-related groups such as APT41," he said, referring to the Chinese advanced persistent threat group associated with the indictment.
If convicted, the hackers each face more than 40 years in prison. But since the hackers are still believed to be in China, extradition to the United States is unlikely.