Seven Charged in Connection with Computer Intrusion Campaigns Against More Than 100 Victims Globally
The United States Department of Justice announced the indictments of five Chinese and two Malaysian computer hackers. The five Chinese computer hackers are charged with computer intrusions that impacted over 100 companies globally, including organizations in the United States.
The seven defendants were charged in three separate indictments in August 2019 and August 2020 for the Chinese hackers. And then another indictment in September 2020 for the Malaysians. Two defendants were arrested in Malaysia and are being extradited to the United States. The other five are at large in mainland China.
Three of the defendants charged with racketeering conspiracy targeted companies in Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam. The defendants also compromised foreign government computer networks in India and Vietnam. They targeted but did not compromise, government computer networks in the United Kingdom.
READ: Top 9 Cyber Threats for Businesses
“The Department of Justice has used every tool available to disrupt the illegal computer intrusions and cyberattacks by these Chinese citizens,” said Deputy Attorney General Jeffrey A. Rosen. “Regrettably, the Chinese communist party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China.”
Chinese APT41 Hackers Indicted
According to the indictment, two Chinese hackers — Zhang Haoran (张浩然) and Tan Dailin (谭戴林)—were charged in August 2019. They targeted software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.
The three other Chinese hackers, Jiang Lizhi (蒋立志), Qian Chuan (钱川) and Fu Qiang (付强), were charged in August 2020.
Three Chinese defendants, Lizhi, Chuan and Qiang, are associated with APT41 A state sponsored organization that carries out malicious cyber activity for the Chinese government. They were charged with nine counts of racketeering conspiracy, conspiracy to violate the CFAA, substantive violations of the CFAA, access device fraud, identity theft, aggravated identity theft, and money laundering.
“These intrusions also facilitated the defendants’ other criminal schemes, including ransomware and “crypto-jacking” schemes, the latter of which refers to the group’s unauthorized use of victim computers to “mine” cryptocurrency., says the DOJ press release.
August 2020 DOJ Indictment
Two Malaysians were also charged at that time. The three Chinese hackers indicted this year all worked for Chengdu 404 Network Technology which was operated by the PRC as a front.
APT41 Wicked Panda
Advanced Persistent Threat (APT) group 41, also known as APT41, Barium, Winnti, Wicked Panda, and Wicked Spider. The threat actors were first seen in 2012. The Chinese state-sponsored hackers work at that behest other People’s Republic of China (PRC). Their criminal cyberattacks focus on cyberespionage and financial gain.
“The scope and sophistication of the crimes in these unsealed indictments is unprecedented. The alleged criminal scheme used actors in China and Malaysia to illegally hack, intrude and steal information from victims worldwide,” said Michael R. Sherwin, Acting U.S. Attorney for the District of Columbia.
The U.S. District Court for the District of Columbia issued seizure warrants in September 2020. Hundreds of accounts, servers, domain names, and command-and-control (C2”) dead drop web pages used by the defendants were seized.
“Today’s announcement demonstrates the ramifications faced by the hackers in China but it is also a reminder to those who continue to deploy malicious cyber tactics that we will utilize every tool we have to administer justice,” said FBI Deputy Director David Bowdich.
All 5 Chinese nationals remain at large in mainland China.