On Tuesday, the United States Justice Department unsealed charges against two people accused of hacking hundreds of organizations around the world, including government agencies and organizations responding to COVID-19.
The two, Li Xiaoyu, 34, and Dong Jiazhi, 33, both Chinese citizens and residents, are accused of conducting computer intrusions for more than ten years, in part on behalf of the Chinese government.
Their victims include governments, NGOs, businesses, human rights advocates, clergy and protestors in the United States, the United Kingdom, Australia, Germany, Japan, the Netherlands, South Korea and elsewhere.
Li and Dong, the DoJ says, targeted a wide range of industries, including high-tech manufacturing, electronics, software, wind, pharmaceuticals and defence. More recently they targeted the networks of organizations "developing vaccines for COVID-19, testing technologies, and treatments," the DoJ says.
According to the 11-count indictment, the hackers packaged stolen data in RAR archives for exfiltration, renamed files and altered their timestamps, and hid their tools and the documents they collected in innocuous-looking locations on the compromised networks, including the victims' Recycle Bins.
The indictment charges that the two conspired to steal trade secrets from eight victims, including production processes, pharmaceutical chemical structures, source code, product designs, and testing mechanisms and results.
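The behaviours in that paragraph are the ones a responder can hunt for on disk. The script below is an added example, not part of the indictment or anything the DoJ published: it walks a directory tree and flags files whose first bytes are a RAR signature regardless of the extension they carry, files parked under a Recycle Bin path, and files whose modification time is an exact whole second, a common side effect of tools that rewrite timestamps. The Recycle Bin path pattern, the extension check and the whole-second heuristic are assumptions for illustration, not evidence from the case.

```python
"""Triage for staged RAR archives, Recycle Bin parking and timestamp tampering.

Added example, not code from the indictment or the DoJ. The heuristics and
paths are assumptions chosen to illustrate the behaviours described in the
article, not facts from the case.
"""
import os
import re
import sys
from typing import Dict, List

# RAR signatures: RAR 4.x and RAR 5 archives start with one of these byte strings,
# so checking the header catches archives renamed to .docx, .tmp, .log and so on.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")

# Assumption: Windows Recycle Bin folders are named $Recycle.Bin (Vista+) or RECYCLER (XP).
RECYCLE_BIN_RE = re.compile(r"(?:^|[\\/])(?:\$Recycle\.Bin|RECYCLER)(?:[\\/]|$)", re.I)


def is_rar(header: bytes) -> bool:
    """True if the first bytes carry a RAR signature, whatever the file name says."""
    return any(header.startswith(magic) for magic in RAR_MAGICS)


def classify(path: str, header: bytes, mtime_ns: int) -> List[str]:
    """Return the reasons a file deserves a closer look (empty list if none).

    Pure function over the path, the first bytes and the mtime in nanoseconds,
    so it can be applied to live files or to data collected elsewhere.
    """
    reasons = []
    rar = is_rar(header)
    ext = os.path.splitext(path)[1].lower()
    if rar and ext != ".rar":
        reasons.append("rar-content-with-misleading-extension")
    elif rar:
        reasons.append("rar-archive")
    if RECYCLE_BIN_RE.search(path):
        reasons.append("stored-in-recycle-bin")
    # Timestomping heuristic (assumption): timestamp-rewriting tools usually write
    # whole seconds, while NTFS and ext4 normally record sub-second precision.
    if mtime_ns % 1_000_000_000 == 0:
        reasons.append("whole-second-mtime")
    return reasons


def hunt(root: str) -> Dict[str, List[str]]:
    """Walk a tree and map each suspicious path to its list of reasons."""
    findings: Dict[str, List[str]] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                with open(path, "rb") as fh:
                    header = fh.read(8)
            except OSError:
                continue  # unreadable or vanished; skip rather than abort the hunt
            reasons = classify(path, header, st.st_mtime_ns)
            if reasons:
                findings[path] = reasons
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for found_path, found_reasons in sorted(hunt(target).items()):
        print(f"{found_path}: {', '.join(found_reasons)}")
```

Run it as `python hunt_staging.py <root>` over a mounted image or a live volume. Treat the whole-second check as a prompt for review rather than proof: some filesystems, archive extractors and copy tools also produce whole-second timestamps, so it is most useful when it coincides with a disguised archive or an odd location.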
“Such information will provide a market advantage for rivals by providing insight into patented business strategies and saving on research and development costs while developing new products,” says the DoJ.
The hackers reportedly stole passwords, intellectual property and other data worth hundreds of millions of dollars, and in at least one case attempted extortion, threatening to make a victim's stolen information public unless a ransom was paid.
Li and Dong, the indictment says, often operated for their own benefit, but they also stole information of interest to China's Ministry of State Security (MSS), with the support of an MSS officer whom the DoJ does not identify.
The indictment shows that, working on behalf of the MSS, the two stole information on military satellite programs, wireless networks and communications systems, as well as data on counter-chemical weapons systems and ship-to-helicopter integration systems.
In addition, they are accused of supplying the MSS with personal information stolen from their victims, including the email passwords of Chinese dissidents. The hackers have targeted victims worldwide for years while enjoying safe haven in China, "for the good of the MSS and their own personal gain."
The hackers exploited known vulnerabilities in widely used software, including web server software, web application development suites and collaboration software. In some cases they exploited newly disclosed vulnerabilities before most users had applied the available patches, making the window between disclosure and patching their entry point.
The indictment also accuses the two of installing web shells on victim networks and of regularly using the China Chopper web shell, a tool common among Chinese hacking groups, to retain access to compromised environments. They protected their web shells with passwords so that only they could use them.
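China Chopper's server-side component is a one-line script that hands request data straight to eval(); the "password" is simply the name of the request parameter the script reads, so it controls who can drive the shell but does nothing to hide the file from a content scan. The scanner below is an added example, not code from the indictment or from any vendor: it matches the publicly documented one-liner forms for PHP, classic ASP and ASPX and reports the parameter name it finds. The sample strings are constructed for illustration and are inert text rather than working shells; the extension list is an assumption.

```python
"""Content scan for China Chopper-style web shells.

Added example, not from the indictment. The samples are constructed and
inert; the patterns target the documented one-liner shapes, in which attacker
input from a request parameter is passed directly to eval().
"""
import os
import re
import sys
from typing import Dict, List, Tuple

# Constructed samples modelled on the publicly documented one-liners (not live shells).
SAMPLES = {
    "php": "<?php @eval($_POST['chopper']); ?>",
    "asp": '<%eval request("pass")%>',
    "aspx": '<%@ Page Language="Jscript"%><%eval(Request.Item["pass"],"unsafe");%>',
    "benign": "<?php echo htmlspecialchars($_POST['name']); ?>",
}

# Each pattern captures the request parameter name, i.e. the shell's "password".
# ASPX is checked first because its eval(Request.Item[...]) shape is the most specific.
PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("aspx", re.compile(r'eval\s*\(\s*Request\.Item\s*\[\s*["\']([^"\']+)["\']\s*\]\s*,\s*["\']unsafe["\']', re.I)),
    ("php", re.compile(r'@?eval\s*\(\s*\$_(?:POST|GET|REQUEST)\s*\[\s*["\']([^"\']+)["\']\s*\]', re.I)),
    ("asp", re.compile(r'eval\s*\(?\s*request\s*\(\s*["\']([^"\']+)["\']\s*\)', re.I)),
]

# Assumption: server-side script extensions worth scanning in a typical web root.
SCRIPT_EXTS = (".php", ".asp", ".aspx", ".ashx", ".jsp")


def scan_source(text: str) -> List[Tuple[str, str]]:
    """Return (family, parameter_name) for every one-liner pattern found in text."""
    hits = []
    for family, pattern in PATTERNS:
        for match in pattern.finditer(text):
            hits.append((family, match.group(1)))
    return hits


def scan_tree(root: str, exts: Tuple[str, ...] = SCRIPT_EXTS) -> Dict[str, List[Tuple[str, str]]]:
    """Walk a web root and map each file containing a hit to its list of hits."""
    findings: Dict[str, List[Tuple[str, str]]] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            try:
                # Shells are tiny; reading the first 64 KiB keeps the scan cheap.
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(64 * 1024)
            except OSError:
                continue
            hits = scan_source(text)
            if hits:
                findings[path] = hits
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for found_path, found_hits in sorted(scan_tree(sys.argv[1]).items()):
            print(f"{found_path}: {found_hits}")
    else:
        for label, sample in SAMPLES.items():
            print(f"{label}: {scan_source(sample)}")
```

Run it with no arguments to see the constructed samples classified, or with a web root to scan real files. The parameter name the scanner reports is worth keeping: the same name will appear as a POST parameter in the web server logs, which is how you pivot from the file to the requests that used it.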
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations which provide a safe haven for cyber criminals in exchange for those criminals who are ‘on call’ to work for the benefit of the state, here to feed the insatiable appetite of the Chinese Communist Party for hard-earned intellectual property of American and other non-Chinese companies, like COVID-19 research,” said Assistant Attorney General for National Security John C. Demers.