Two Chinese hackers working for China's Ministry of State Security (MSS) have been indicted by a U.S. court for targeting multiple organisations in several countries with cyber attacks in order to gain access to precious intellectual property, including COVID-19 research data.
Xiaoyu Li and Jiazhi Dong were indicted on eleven counts by a federal grand july in Washington for carrying out cyber attacks and hacking into the networks of a large number of companies, governments, non-governmental organisations, and individual dissidents, clergy, and democratic and human rights activists.
These victim companies, other entities, and individuals were located in the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom and targeted industries included high tech manufacturing, medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals, and defense.
The primary motive of the two Chinese hackers for targeting these organisations was to steal precious intellectual property from high technology industries for the benefit of the MSS or other Chinese government agencies. Sometimes, the hackers also tried to extort cryptocurrency from victims by threatening to release their files on the Internet and in recent days, they probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments.
As per court records, the hackers usually exploited publicly known software vulnerabilities in popular web server software, web application development suites, and software collaboration programs as well as insecure default configurations in common applications to infiltrate IT networks and steal confidential information stored in vulnerable databases.
Once they gained entry into vulnerable networks, the hackers placed malicious web shell programmes and credential-stealing software to remotely execute commands on victim computers. They also tried to hide their activities by packaging victims' data in RAR files, changing RAR file and victim documents’ names and extensions, and concealing programmes and documents at innocuous-seeming locations on victim networks.
China providing safe haven to hackers by letting them work for its own benefit
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Assistant Attorney General for National Security John C. Demers.
FBI Deputy Director David Bowdich said that the indictment of two Chinese hackers demonstrates the serious consequences the Chinese MSS and its proxies will face if they continue to deploy malicious cyber tactics to either steal what they cannot create or silence what they do not want to hear.
“Cybercrimes directed by the Chinese government’s intelligence services not only threaten the United States but also every other country that supports fair play, international norms, and the rule of law, and it also seriously undermines China's desire to become a respected leader in world affairs,” he added.
“The complicated nature of cyber investigations is only exacerbated when the criminal is backed by the resources of a foreign government. The nature and value of the material stolen by these hackers cannot just be measured in dollars and was indicative of being state driven. This case demonstrates the FBI's dedication to pursuing these criminals no matter who is sanctioning their activities,” said Special Agent in Charge Raymond Duda of the FBI’s Seattle Division.
State-sponsored Chinese hackers responsible for Marriott data breach
Chinese hackers targeted global telecommunications providers for years
Chinese hackers intercepted E.U. diplomatic cables for several years
UK-based think tanks frequently targeted by Chinese hackers in 2017