Chinese nationals Li Xiaoyu (above), 34, and Dong Jiazhi, 31, allegedly stole ‘hundreds of millions of dollars’ in trade secrets, intellectual property and other valuable business information’ in a sophisticated ploy of a decade.
The Justice Department said on Tuesday it had accused two Chinese hackers of attempting to steal U.S. research into COVID-19 and other sensitive government information.
Chinese nationals Li Xiaoyu, 34, and Dong Jiazhi, 31, are said to have stolen hundreds of millions of dollars in trade secrets, intellectual property and other valuable business information in a sophisticated ploy by a decade.
They are accused of hacking hundreds of businesses, government organizations, dissidents, human rights activists and private companies, including those engaged in research into the COVID-19 vaccine.
The government said the plot, which allegedly began in 2009, was not only carried out for their personal financial gain, but also for the benefit of the Chinese government.
“Hackers stole terabytes of data that posed a sophisticated and prolific threat to US networks,” Assistant National Security Attorney General John Demers told a news conference in New York.
They allegedly raped defense contractors and stole sensitive military information, prosecutors said, including on military satellite programs and communications systems.
The indictment says the two were assisted by an anonymous Chinese intelligence officer who is known to the grand jury.
The government said the plot, which allegedly began in 2009, was not only carried out for financial gain, but also for the benefit of the Chinese government.
The two men were indicted by a grand jury for the alleged hacking campaign, which targeted not only companies in the United States, but also in Australia, Belgium, Germany, Japan, Lithuania, the Netherlands , Spain, South Korea, Sweden and the United States. Kingdom.
Their targets included high-tech manufacturers, medical device makers, civil and industrial engineers, gaming software makers, solar power companies, pharmaceutical manufacturers and defense contractors, the said. DOJ.
Among the 13 U.S. victims were the Department of Education’s Hanford site in Washington, a California technology and defense company, a Maryland technology and manufacturing company, a Texas engineering company, a Defense of Virginia, a Massachusetts software company, a California games software company, and several American drug makers.
“In at least one instance, hackers have sought to extort cryptocurrency from a victim entity, threatening to disclose the victim’s stolen source code on the Internet,” the FBI said. “More recently, defendants have probed vulnerabilities in the computer networks of companies developing COVID-19 vaccines, testing technologies and treatments. “
None of the companies or parties involved were named in the indictment.
The inclusion of the coronavirus victim comes as U.S. security agencies have warned China seeks to gain the upper hand in the global search for a vaccine.
The FBI warned in May that Chinese government hackers were “observed attempting to illicitly identify and obtain valuable intellectual property and public health data related to vaccines, treatments and tests from networks and staff affiliated with research related to COVID-19 ”.
There was no immediate indication in the indictment that the hackers had succeeded in obtaining information relating to COVID-19 research, despite efforts to snoop on the companies.
But prosecutors say that in January, the defendants scouted the computer network of a Massachusetts biotech company known to search for a potential vaccine and searched for vulnerabilities in the network of a lesser Maryland company. a week after stating that she was doing similar science activities. job.
Demers said the hackers’ actions were “real examples” of two worrying trends.
“China is using cyber intrusions as part of its ‘steal, replicate and replace’ technology development strategy,” Demers said.
The prosecutor added that Beijing “also provides a safe haven for hackers who, as in this case, hack in part for their own profit but are ready to help the state and on call to do so.”
They are accused of hacking hundreds of businesses, government organizations, dissidents, human rights activists and private companies, including those engaged in research into the COVID-19 vaccine
Demers claimed that China has stepped up its brazen efforts to engage in theft and espionage through computer intrusions in violation of its international commitments.
“China has now taken its place, alongside Russia, Iran and North Korea in this shameful club of nations that provide a safe haven for cybercriminals in return for these ‘on-call’ criminals for working for the benefit of the state, here to feed the Chinese Communist Party’s insatiable thirst for the hard-won intellectual property of American and non-Chinese companies, including COVID-19 research, ”Demers said.
FBI Deputy Director David Bowdich shared the Demers’ feelings. He accused China of stealing “the intellectual property and research that sustains its economy, and then they use this illicit gain as a weapon to silence any country that dares to challenge their illegal actions.
“This type of economic coercion is not what we expect from a trusted world leader. This is what we expect from an organized crime syndicate.
Li and Dong’s indictment marks the first time the United States has accused suspected Chinese hackers of working not only to get rich, but also on behalf of their home government.
The Chinese government has consistently denied carrying out or sponsoring hacks of foreign networks for the purpose of economic espionage.
The country has been criticized by the Trump administration and a number of other world leaders for downplaying and failing to contain the coronavirus, which originated in Wuhan in 2019.
China strongly opposed these accusations and accused the United States of using the global pandemic as a political pawn.
The country has yet to respond to the charges against Li and Dong.