Four Chinese nationals working with China’s top intelligence agency have been charged in a global hacking campaign to steal trade secrets and sensitive information from companies, universities, and government bodies.
The charges were announced as the United States and allies in a coordinated push on Monday condemned the Chinese regime for sponsoring “malicious” cyberattacks against targets around the world. China’s Ministry of State Security (MSS), the regime’s chief intelligence agency, is behind the deployment of these hackers, they said. The United States also attributed the massive hack of Microsoft disclosed earlier this year to hackers working for the MSS.
The hackers charged were sponsored by the MSS and focused their theft on information that would significantly benefit Chinese companies, such as research and development processes, according to a statement by the Justice Department.
The defendants and officials in the Hainan State Security Department, a provincial arm of the MSS, tried to hide the Chinese regime’s role in the hacks by using a front company, according to the indictment, which was returned in May and unsealed Friday.
The campaign, active from 2011 to 2018, targeted trade secrets in an array of industries including aviation, defense, education, government, health care, biopharmaceutical, and maritime industries, the Justice Department said.
Victims were in Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland, the United Kingdom, and the United States.
Prosecutors allege the hackers stole foreign information to help Chinese state-owned companies to secure contracts in the targeted companies, such as a large high-speed railway project. The group also targeted research institutes and universities for infectious-disease research relating to Ebola, MERS, HIV/AIDS, Marburg, and tularemia, the department said.
“These criminal charges once again highlight that China continues to use cyber-enabled attacks to steal what other countries make, in flagrant disregard of its bilateral and multilateral commitments,” Deputy U.S. Attorney General Lisa Monaco said in the statement.
It said the two-count indictment alleges that Ding Xiaoyang, Cheng Qingmin, and Zhu Yunmin were HSSD officers responsible for coordinating computer hackers and linguists at the front companies.
The fourth defendant, Wu Shurong, an employee at front company Hainan Xiandun Technology Development Co. Ltd., “created malware, hacked into computer systems operated by foreign governments, companies and universities, and supervised other Hainan Xiandun hackers,” the Justice Department said.
BY FRANK FANG