US Charges Two Chinese Nationals After Hacking COVID-19 Vaccine Researches



U.S. prosecutors have charged two Chinese nationals, said to be working for China’s state intelligence bureau, who allegedly spied on US companies doing coronavirus research and got help from state agents for other thefts.

The 11-count indictment, unsealed Tuesday, alleges Li Xiaoyu, 34, and Dong Jiazhi, 33, stole terabytes of data from high-technology companies around the world, including the United States, the prosecutors said.

More recently, the prosecutors accused the hackers of targeting the networks of over a dozen U.S. companies in Maryland, Massachusetts and California developing vaccines and treatments for COVID-19.

The indictment comes just weeks after both the FBI and Homeland Security warned that China was actively trying to steal U.S. research data related to the coronavirus pandemic.

Li and Dong allegedly stole terabytes of data from computers around the world - including the US, Britain, Germany, Australia and Belgium - while acting as contractors for China's Ministry of State Security (MSS).

The MSS, prosecutors said, had supplied the hackers with information that allowed them to infiltrate targets and collect intelligence.

The hackers were first discovered after they targeted a U.S. Department of Energy network in Hanford, Washington, the Justice Department said. The hackers also targeted companies in Australia, South Korea and several European nations.

The hackers used known but unpatched vulnerabilities in widely used web server software to break into their victims’ networks. After gaining a foothold on a network, the hackers installed password-stealing software to gain deeper access to the victim’s systems. The prosecutors said that the hackers would “frequently” return to the networks, in some cases years later.

According to the indictment, the hackers stole “hundreds of millions of dollars” worth of trade secrets and intellectual property. 

The hackers are said to have targeted their victims on behalf of China’s intelligence services, but also hacked for personal financial gain. Prosecutors said in one case, the hackers “sought to extort cryptocurrency” from a victim company by threatening to publish the victim’s stolen source code online.

John C. Demers, U.S. assistant attorney general for national security, said that the indictments were “concrete examples” of how China used hackers to “rob, replicate and replace” non-Chinese companies in the global marketplace.

Demers also accused China of providing a safe haven for the hackers.

“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Demers.

“The Chinese government has long relied on contractors to conduct cyber intrusions,” said Ben Read, senior manager of analysis at Mandiant, in an email. “Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations.”

“The pattern described in the indictment where the contractors conducted some operations on behalf of their government sponsors, while others were for their own profit is consistent with what we have seen from other China-nexus groups such as APT41,” he said, referring to the Chinese advanced persistent threat group associated with the indictment.

If prosecuted, the hackers could each face more than 40 years in prison. But since the hackers are believed to still be in China, any extraditions to the U.S. are unlikely.

The prosecutors also allege that the hackers stole data related to military satellite programs, military wireless networks and high-powered microwave and laser systems from defense contractors.
