Thursday, July 23, 2020

Hackers charged with 10 years of cyber spying on governments and private corporations



A federal grand jury in Spokane, Washington, earlier this month indicted two hackers, both nationals and residents of the People’s Republic of China, for their alleged involvement in a massive global hacking operation that targeted hundreds of companies and governments for more than a decade.

The defendants alleged broke into the computer systems of hundreds of victim companies, governments, non-governmental organizations, and individual dissidents, clergy, and democratic and human rights activists in the United States and abroad, including Hong Kong and China. 

The accused pair in some instances acted for their own personal financial gain, and in others for the benefit of the MSS or other Chinese government agencies. The hackers stole terabytes of data which comprised a sophisticated and prolific threat to U.S. networks.

The 11-count indictment alleges LI Xiaoyu (李啸宇), 34, and DONG Jiazhi (董家志), 33, who were trained in computer applications technologies at the same Chinese university, conducted a hacking campaign lasting more than ten years to the present, targeting companies in countries with high technology industries, including the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom. 

Targeted industries included, among others, high tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; defense. 

In at least one instance, the hackers allegedly sought to extort cryptocurrency from a victim entity, by threatening to release the victim’s stolen source code on the Internet. More recently, the defendants supposedly probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments.

The charges were announced by Assistant Attorney General for National Security John C. Demers; FBI Deputy Director David Bowdich; U.S. Attorney for the Eastern District of Washington William D. Hyslop; and Special Agent in Charge of the FBI’s Seattle Field Division Raymond Duda.

The alleged hackers were first discovered after they targeted a US Department of Energy network in Hanford, Washington, the Justice Department said. The hackers also targeted companies in Australia, South Korea and several European nations. The hackers used known but unpatched vulnerabilities in widely used web server software to break into their victims’ networks. By gaining a foothold onto the network, the hackers installed password-stealing software to gain deeper access to their systems. The prosecutors said that the hackers would “frequently” return to the networks — in some cases years later.

The defendants used their initial unauthorized access to place malicious web shell programs (e.g., the “China Chopper” web shell) and credential-stealing software on victim networks, which allowed them to remotely execute commands on victim computers, according to court documents.

The defendants frequently returned to re-victimize companies, government entities, and organizations from which they had previously stolen data, in some cases years after the initial successful data theft. In several instances, however, the defendants were unsuccessful in this regard, due to the efforts of the FBI and network defenders.

If prosecuted, the hackers could each face more than 40 years in prison. But since the hackers are believed to still be in China, any extraditions to the U.S. are unlikely.

“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Assistant Attorney General for National Security John C. Demers.



No comments:

Post a Comment