Threat actors worked for profit as well as China’s Ministry of State Security
The U.S. Department of Justice (DOJ) issued a statement today saying the agency has charged two Chinese nationals with hacking into the computer systems of hundreds of companies worldwide. The indictment states that the pair worked with the Guangdong State Security Department (GSSD) of the Ministry of State Security (MSS) as well as for their own profit.
The pair of attackers stole intellectual property including COVID-19 research. The DOJ accuses the pair of recently targeting the networks of over a dozen US-based companies in Maryland, Massachusetts, and California that are working to develop vaccines and treatments for COVID-19.
They are charged with Unauthorized Access, Conspiracy to Access Without Authorization and Damage Computers, Conspiracy to Commit Theft of Trade Secrets, Conspiracy to Commit Wire Fraud, and Aggravated Identity Theft, according to the US Federal Bureau of Investigation. The pair are now on the FBI’s most wanted list.
The cyber attacks spanned ten years, says the DOJ. They hacked into hundreds of companies, governments, non-governmental organizations, and individual dissidents, clergy, and democratic and human rights activists in the United States and abroad, including Hong Kong and Mainland China. They also attacked technology companies in Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom.
“Cybercrimes directed by the Chinese government’s intelligence services not only threaten the United States but also every other country that supports fair play, international norms, and the rule of law, and it also seriously undermines China’s desire to become a respected leader in world affairs,” says Federal Bureau of Investigation (FBI) Deputy Director David Bowdich.
The eleven-count indictment charges the pair with conspiring to steal trade secrets from at least eight known victims.
The defendants are each charged with:
- one count of conspiracy to commit computer fraud
- one count of conspiracy to commit theft of trade secrets
- one count of conspiracy to commit wire fraud
- one count of unauthorized access of a computer
- seven counts of aggravated identity theft
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Assistant Attorney General for National Security John C. Demers.
Industries Targeted by China’s Cyberattacks
- high tech manufacturing
- medical device
- civil engineering
- industrial engineering
- gaming software
- solar energy
The threat actors worked with China’s Ministry of State Security, which is China’s intelligence service. The U.S. does not have an extradition agreement with China, so it’s unlikely that the two Chinese nationals, who still reside in China, will stand trial for these charges.
In May, a joint statement from the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned that they were looking for threat actors believed to be backed by the People’s Republic of China (PRC). The hackers were targeting data relating to organizations connected to the creation of a vaccine for COVID-19.
The month before, CISA and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert concerning a growing number of cyber attacks using COVID-19 messaging in malware attacks and phishing email campaigns.