US accuses Chinese nationals of hacking spree targeting COVID data, defense secrets

US authorities said the Chinese nationals participated in a multiyear cyber espionage campaign that stole weapons designs, drug information, software source code, etc.


The copy has been updated with the full statement on the hack by FireEye Mandiant Threat Intelligence's senior manager of analysis.

The US Justice Department indicted two Chinese nationals for hacking defense contractors, COVID researchers, and hundreds of other victims worldwide, according to a court filing published on Tuesday.

US authorities said the Chinese nationals, Li Xiaoyu and Dong Jiazhi, participated in a multiyear cyber espionage campaign that stole weapons designs, drug information, and software source code, and that also targeted dissidents and Chinese opposition figures.

Contact details for Li and Dong were not immediately available. The Chinese Embassy in Washington did not immediately return a message seeking comment. Beijing has repeatedly denied hacking the United States and other rival powers.

The indictment did not name any companies, but officials said the investigation was triggered when the hackers broke into the Hanford Site, a decommissioned US nuclear production complex in eastern Washington state.

A projection of cyber code on a hooded man is pictured in this illustration picture taken on 13 May, 2017. Image: Reuters

The indictment said that Li and Dong stole terabytes of data from computers around the world, including the United States, Britain, Germany, Australia, and Belgium. US Attorney William Hyslop said "there are hundreds and hundreds of victims in the United States and worldwide."

Li and Dong were "one of the most prolific group of hackers we've investigated," said FBI Special Agent Raymond Duda, who heads the agency's Seattle field office. He said the pair was implicated in the theft of hundreds of millions of dollars in intellectual property.

The document alleges that Li and Dong acted as contractors for China's Ministry of Security, or MSS, an agency comparable to the US Central Intelligence Agency. The MSS, prosecutors said, supplied the hackers with information on critical software vulnerabilities to penetrate targets and collect intelligence. Among those targeted were Hong Kong protesters, the office of the Dalai Lama, and a Chinese Christian non-profit.

Assistant Attorney General for National Security John Demers said in a virtual press conference that the hackers occasionally worked on their own account, including a case in which Li allegedly tried to extort $15,000 in cryptocurrency from a victim.

Demers said China had joined the "shameful club of nations who provide a safe haven for cybercriminals" in exchange for their services stealing intellectual property.

One expert said the indictment showed the "extremely high value" that governments such as China placed on COVID-related research.

"This indictment shows the extremely high value that all governments, including China, place on COVID-19 related information. It is a fundamental threat to all governments around the world and we expect information relating to treatments and vaccines to be targeted by multiple cyber-espionage sponsors. Mandiant has tracked this group since at least 2013, the targeting and description of their TTP is consistent with what we have observed," said Ben Read, Senior Manager of Analysis, FireEye Mandiant Threat Intelligence.

"The Chinese government has long relied on contractors to conduct cyber intrusions. Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations. The pattern described in the indictment where the contractors conducted some operations on behalf of their government sponsors, while others were for their own profit is consistent with what we have seen from other China-nexus groups such as APT41," he added.

"Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations," Read said.

The indictment alleged that the hackers operated from 2014 to 2020 and most recently attempted to steal cancer research.

With inputs from Reuters.

