DoJ Charges Two Chinese Hackers Of IP And Coronavirus Vaccine Theft

The US Department of Justice (DoJ) has issued formal charges against two Chinese nationals, accused of stealing hundreds of millions of dollars’ worth of trade secrets and intellectual property.

The DoJ in its charge sheet also alleges the two Chinese nationals recently targeting researchers developing a vaccine for the coronavirus.

It comes after both UK and US intelligence agencies warned last week that Russian hacking group APT29 (also known as Cozy Bear) was actively targeting researchers developing a Covid-19 vaccine.

Government hackers

The two Chinese hackers indicted by the US DoJ are alleged to have carried out a prolific, 11-year global campaign that allegedly saw them steal software source code, weapons design material and pharmaceutical intellectual property.

Starting in September 2009, through to July 2020, the two allegedly stole “terabytes” of sensitive data.

The two men are named as LI Xiaoyu, aged 34, and DONG Jiazhi, aged 33 hacked a range of technology industries in the UK, US, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea and Sweden.

The two also threatened to publish source code of one of the victims, in an attempt to extort the victim.

The US DoJ made clear the two were not hacking for themselves, but were doing so on behalf of the Chinese government, namely the PRC Government’s Ministry of State Security (MSS).

The US indictment even published photographs of the buildings in Guangzhou were two MSS officers (who assisted and controlled the two Chinese hackers) worked as “researchers” at the Guangzhou Province International Affairs Research Centre.

These ‘researchers’ where in fact intelligence officers working for the Guangzhou State Security Department.

Among the data the two Chinese hackers are alleged to stolen, includes information about military satellite programs; military wireless networks and communications systems; high powered microwave and laser systems; a counter-chemical weapons system; and ship-to-helicopter integration systems.

The US charges come as the US ordered the closure of a Chinese consulate in Houston Texas, where staff were allegedly seen burning documents.

Same risk

Security experts warned that hackers can be simple criminals or indeed government-backed hackers, but the risks they pose remains the same.

“Underestimating the size of a cyberattack can be the most dangerous error of misjudgement a company can make,” said Jake Moore, cybersecurity specialist at ESET.

“Threat actors come in all shapes and sizes from solo artists to criminal network organisations spanning multiple countries,” said Moore. “It shouldn’t be assumed that the bigger the hacker network, the more damage can be caused.”

“Prepare for the worst yet protect in the best way possible,” said Moore. “It essentially helps to assume that each threat actor has the same capability with the ability to cause some serious damage.”

“Threat actors are constantly looking for vulnerabilities and much can be learnt from previous attacks,” Moore concluded. “Learning about different attack vectors and training your employees about such threats is vital. Using the right protection software, keeping up to date with the latest patches and updating automatically all help hinder those risks which may thwart an attack.”

Covid-19 vaccines

Meanwhile another expert pointed to the fact that these Chinese hackers were also targeting research into Covid-19 vaccines.

“This indictment shows the extremely high value that all governments, including China, place on Covid-19 related information,” said Ben Read, senior manager of analysis at Mandiant Threat Intelligence.

“It is a fundamental threat to all governments around the world and we expect information relating to treatments and vaccines to be targeted by multiple cyber espionage sponsors,” said Read. “Mandiant has tracked this group since at least 2013, the targeting and description of their TTPs is consistent with what we have observed.”

“The Chinese government has long relied on contractors to conduct cyber intrusions,” said Read. “Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations.”

“The pattern described in the indictment where the contractors conducted some operations on behalf of their government sponsors, while others were for their own profit is consistent with what we have seen from other China-nexus groups such as APT41,” Read concluded.

Do you know all about security? Try our quiz!