Justice Department charges two Chinese hackers with stealing US research

A federal grand jury in Spokane, Wash., indicted two hackers from the People’s Republic of China for alleged cyberattacks on hundreds of computer systems of companies, governments, non-governmental organizations, and individuals in the United States and abroad.

Officials alleged the global computer intrusion campaign targeted intellectual property and confidential business information, including COVID-19 research.

Li Xiaoyu, 34, and Dong Jiazhi, 33, were each charged with one count of conspiracy to commit computer fraud; one count of conspiracy to commit theft of trade secrets; one count of conspiracy to commit wire fraud; one count of unauthorized access of a computer; and seven counts of aggravated identity theft.

“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” Assistant Attorney General for National Security John Demers said.

The defendants allegedly conducted a hacking campaign that lasted more than 10 years, targeting companies in the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom. Targeted industries included, among others, high-tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; defense. More recently, the defendants probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments.

According to the indictment, the defendants primarily exploited publicly known software vulnerabilities in popular web server software, web application development suites, and software collaboration programs. They also targeted insecure default configurations in common applications, using malicious web shell programs (e.g., the “China Chopper” web shell) and credential-stealing software on victim networks. This allowed them to remotely execute commands on victim computers. To conceal the theft of information, they typically packaged victim data in encrypted Roshal Archive Compressed files (RAR files), changed RAR file and victim documents’ names and extensions, and concealed programs and documents in recycle bins and innocuous-seeming locations.

The Justice Department said the defendants acted for their own personal financial gain in some cases and for the benefit of Chinese government agencies in others.

“Today’s indictment demonstrates the serious consequences the Chinese MSS and its proxies will face if they continue to deploy malicious cyber tactics to either steal what they cannot create or silence what they do not want to hear,” FBI Deputy Director David Bowdich said. “Cybercrimes directed by the Chinese government’s intelligence services not only threaten the United States but also every other country that supports fair play, international norms, and the rule of law, and it also seriously undermines China’s desire to become a respected leader in world affairs. The FBI and our international partners will not stand idly by to this threat, and we are committed to holding the Chinese government accountable.”

U.S. Rep. Michael McCaul (R-TX), Republican leader on the House Foreign Affairs Committee, said the indictment sends a powerful message to those looking to exploit the pandemic.

“Today, we made it clear these actions will not be tolerated,” McCaul said.