US prosecutors charged two Chinese nationals for their alleged involvement in a global hacking operation that has been targeting companies and governments over the past ten years. The two people who have been charged are said to be working for China’s state intelligence bureau. The FBI describes the pair as “one of the most prolific groups of hackers” the bureau has investigated.
Accused of Cyber Espionage
Li Xiaoyu and Dong Jiazhi are accused of cyber espionage. The accusations, which were released on Tuesday, include charges of trade secret theft and wire fraud conspiracy. Authorities say that the two men took part in a cyber espionage campaign that stole weapon designs, drug information, and software source code. This campaign has been going on for over a decade.
The hackers used vulnerabilities in web server software that hadn’t been patched yet to break into their victims’ networks. They then installed password-stealing software to gain deeper access into the systems. The hackers have allegedly stolen “hundreds of millions of dollars” worth of trade secrets and intellectual property.
Covid-19 Research Facilities were Targeted
More recently, the pair is said to have spied on a biotech firm in Massachusetts in January. This firm was researching a possible cure for Covid-19. A week later, another firm, located in Maryland, was hacked after it announced that it was researching a cure as well. The indictment says that the two men “researched vulnerabilities in the networks of biotech and other firms publicly known for work on Covid-19 vaccines, treatments, and testing technology”.
The two men are regarded as private hackers, although they did also receive support from Chinese intelligence on occasion. One of the people who allegedly offered support is an officer of the Chinese Ministry of State Security.
Other countries that were targeted by the pair include Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, Sweden and the UK. According to the US, they also allegedly targeted Hong Kong protesters, the office of the Dalai Lama, and a Chinese-Christian non-profit organization.
Involvement of the Chinese Government
The prosecutors said that Li and Dong have acted on their own in some cases. They have, for instance, demanded ransom for data that they had taken from a company. But according to the prosecutors, they have also stolen data “of obvious interest” to the Chinese government. According to the indictment, the hackers “worked with, were assisted by, and operated with the acquiescence of” the Ministry of State Security.
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cybercriminals in exchange for those criminals being ‘on-call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including Covid-19 research,” John Demers, assistant attorney general for national security, said on Tuesday.
Ben Read, a senior analyst at cybersecurity company FireEye, said that the Chinese government has been relying on contractors for its cyberspying operations for a while. “Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations,” he said.
Of course, China has denied its involvement in any of this. If the US actually prosecutes the hackers, they could face 40 years’ imprisonment. But the hackers are believed to still be in China, and it is unlikely that China will extradite them to the US.