US charges two hackers linked to Chinese intelligence

U.S. prosecutors unsealed an indictment Thursday against two members of a notorious Chinese cyber-espionage group, the latest in a string of charges brought against Chinese nationals involved in stealing trade secrets and other sensitive information from U.S. businesses and other entities.

Zhu Hua and Zhang Shilong, described in the indictment as members of the hacking group known as Advanced Persistent Threat 10 (APT 10), are accused of carrying out a global campaign of cyber intrusions over a 12-year period, hacking computers in at least a dozen countries, including the U.S. and the U.K., and giving China’s intelligence service access to sensitive business information, according to the 23-page indictment.

Working in concert with China’s main intelligence service, the two hackers and other unidentified members of APT 10 targeted the data management service providers (MSPs) of U.S. government agencies, more than 45 technology firms in the U.S., and governments around the world.

The cyber campaign resulted in the theft of hundreds of gigabytes of sensitive data hacked from a broad swath of companies.

US Navy hacked

In one instance, prosecutors allege, the hacking group compromised more than 40 computers belonging to the U.S. Navy, stealing the names, social security numbers, dates of birth, salary information, personal phone numbers and email addresses of more than 100,000 Navy personnel.

“When hackers gain access to (managed service providers), they can steal sensitive information that gives competitors an unfair advantage,” Deputy U.S. Attorney General Rod Rosenstein said. “This is outright cheating and theft, and it gives China an unfair advantage at the expense of law-abiding businesses that follow the international rules in return for the privilege of participating in the global economic system.”

APT 10 is one of the most prolific cyber-espionage groups in the world, said Ben Read of cybersecurity firm FireEye.

Historically, the group has targeted companies in construction and engineering, aerospace and military, telecommunications and high-tech sectors as well as government entities, Read said, describing the group as “well-resourced” and a “global threat.”

Zhu and Zhang remain at large. They face charges of conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated theft.

On Friday, China’s Foreign Ministry said it resolutely opposed the accusations and urged Washington to withdraw its accusations.

“We urge the U.S. side to immediately correct its erroneous actions and cease its slanderous smears relating to internet security,” the ministry said, adding that it would take necessary measures to safeguard its own cybersecurity and interests.

Companies targeted

The charges come as the U.S. Justice Department has stepped up a campaign of prosecuting Chinese economic and cyber-espionage, bringing a total of 10 cases this year, including three cases involving espionage carried out on behalf of China’s Ministry of State Security, the country’s main intelligence service.

The charges also come against a backdrop of rising tensions between Washington and Beijing over trade and Chinese theft of U.S. intellectual property, raising questions over their timing. Officials, however, dismissed those questions.

In announcing the latest case, officials took China to task for violating commitments made in 2015 by Chinese President Xi Jinping to the U.S. and other countries to refrain from engaging in cyber-espionage “with the intent of providing competitive advantages to companies or commercial actors.”

“These actions by Chinese actors to target intellectual property and sensitive business information present a very real threat to the economic competitiveness of companies in the United States and around the globe,” Secretary of State Mike Pompeo and Secretary of Homeland Security Kirstjen Nielsen said in a joint statement.

British foreign secretary Jeremy Hunt described the alleged Chinese cyber campaign as “one of the most significant and widespread cyber incursions against the U.K. and allies,” saying it violated commitments Xi made to the U.K. in a bilateral agreement.

“Our message to governments prepared to enable these activities is clear: together with our allies, we will expose your actions and take other necessary steps to ensure the rule of law is upheld,” Hunt said.

Long-term effort

FBI Director Christopher Wray described the Chinese government’s campaign of cyber-espionage as part of a broader, long-term effort by China to surpass the United States as a superpower.

“As evidenced by this investigation, the threats we face have never been more severe or more pervasive or more damaging to our national security, and no country poses a broader, more severe long-term threat to our nation’s economy and cyber infrastructure than China,” Wray said. “China’s goal, simply put, is to replace the U.S. as the world’s leading superpower, and they’re using illegal methods to get there.”

China has repeatedly denied the U.S. accusations of engaging in cyber aggression. However, persistent concerns about Chinese cyber-espionage led then-Attorney General Jeff Sessions last month to form a group within the Justice Department’s national security division to investigate and prosecute “priority Chinese trade theft cases.”

“Chinese economic espionage against the United States has been increasing and it has been increasing rapidly,” Sessions said in announcing the group’s creation. “Enough is enough. We’re not going to take it anymore.”