US accuses two Chinese nationals of hacking spree

State-backed hackers

The US Justice Department has indicted two Chinese nationals over their role in what the agency called a decade-long cyber espionage campaign that targeted defence contractors, coronavirus researchers and hundreds of other victims worldwide.

KEY POINTS:

  • Two Chinese citizens have been indicted by the US Justice Department for their role in cyber espionage
  • The espionage was said to target defence contractors and coronavirus research, with hundreds of victims around the world
  • The latest move by the US government further ramps up tensions between the rival nations

US authorities said Li Xiaoyu and Dong Jiazhi stole software source code, weapons designs, drug info and a myriad of personal data from key targets that included dissidents and figures known to oppose the Chinese Communist Party. Officials said the two suspects are alleged to be contractors working for the Chinese government, rather than full-fledged spies.

US Assistant Attorney General for National Security John Demers said at a press conference the hackings showed that the Chinese government “is willing to turn a blind eye to prolific criminal hackers operating within its borders.”

“In this manner, China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provides safe haven for cyber criminals in exchange for those criminals being on call for the benefit of the state.”

The Chinese Embassy in Washington DC referred journalists from the news agency Reuters to comments from the Chinese Foreign Ministry that “China has long been a major victim of cyber thefts and attacks” and that officials “firmly oppose and fight” such activities.

The US indictment did not name any companies or individual targets, but US Attorney William Hyslop cited “hundreds and hundreds of victims in the US and worldwide.” Officials said the probe was triggered when the hackers broke into a network belonging to the Hanford Site, a decommissioned United States nuclear complex in eastern Washington state, in 2015.

Li and Dong were “one of the most prolific group of hackers we’ve investigated,” said Federal Bureau of Investigation Special Agent Raymond Duda, who heads the FBI’s Seattle field office.

A July 7 indictment made public on Tuesday alleges that Li and Dong were contractors for China’s Ministry of State Security, or MSS, an agency comparable to the CIA. The MSS, prosecutors said, supplied the hackers with information about critical software vulnerabilities to penetrate targets and collect intelligence. Targets included Hong Kong protesters, the office of the Dalai Lama and a Chinese Christian non-profit.

As early as the 27th of January, as the coronavirus outbreak was coming into focus, the hackers were trying to steal vaccine research from a currently unnamed biotechnology business based in the state of Massachusetts.

Just yesterday, the Justice Department indicted two Chinese citizens over their role in what the agency called a decade-long cyber espionage campaign that targeted defence contractors, COVID researchers and hundreds of other victims worldwide.

US authorities said Li Xiaoyu and Dong Jiazhi stole terabytes of weapons designs, drug information, software source code, and personal data from targets that included dissidents and Chinese opposition figures. They were contractors for the Chinese government, rather than full-fledged spies, US officials said.

US Assistant Attorney General for National Security John Demers said at a virtual press conference the hackings showed China “is willing to turn a blind eye to prolific criminal hackers operating within its borders.”

“In this manner, China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provides safe haven for cybercriminals in exchange for those criminals being on call for the benefit of the state.”

Messages left with several accounts registered under Li’s digital alias, oro0lxy, were not immediately returned. Contact details for Dong were not immediately available.

The Chinese Embassy in Washington referred Reuters to recent Chinese Foreign Ministry comments that “China has long been a major victim of cyber thefts and attacks” and its officials “firmly oppose and fight” such activities.

The indictment mostly did not name any companies or individual targets, but US Attorney William Hyslop, who spoke alongside Demers, cited “hundreds and hundreds of victims in the United States and worldwide.” Officials said the probe was triggered when the hackers broke into a network belonging to the Hanford Site, a decommissioned US nuclear complex in eastern Washington state, in 2015.

Li and Dong were “one of the most prolific group of hackers we’ve investigated,” said FBI Special Agent Raymond Duda, who heads the agency’s Seattle field office.

A July 7 indictment made public on Tuesday alleges that Li and Dong were contractors for China’s Ministry of State Security, or MSS, an agency comparable to the US Central Intelligence Agency. The MSS, prosecutors said, supplied the hackers with information about critical software vulnerabilities to penetrate targets and collect intelligence. Targets included Hong Kong protesters, the office of the Dalai Lama and a Chinese Christian non-profit.

As early as the 27th of January, as the coronavirus outbreak was coming into focus, the hackers were trying to steal vaccine research of an unidentified Massachusetts biotech firm, the indictment said.

It is unclear whether anything was stolen but one expert said the allegation shows the “extremely high value” that governments such as China placed on COVID-related research.

“It is a fundamental threat to all governments around the world and we expect information relating to treatments and vaccines to be targeted by multiple cyber espionage sponsors,” said Ben Read, a senior analyst at cybersecurity company FireEye.

He noted that the Chinese government had long relied on contractors for its cyberspying operations.

“Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations,” Read said.

Initial reporting via our content partners at Reuters. Reporting by Chris Sanders; Editing by Chizu Nomiyama and Richard Chang. Comment by Rob Phillips.
