July 21, 2020, updated 22 Jul 2020 2:47pm

Chinese Hackers Indicted on 11 Counts, Including Attack on British AI Firm

Duo helped steal "terabytes" of data from high technology firms

By CBR Staff Writer

Two Chinese hackers have been indicted today by the US Department of Justice (DOJ) for a prolific, 11-year global campaign that allegedly saw them steal software source code, weapons design material and pharmaceutical intellectual property.

Starting in September 2009, through to July 2020, the two allegedly stole “terabytes” of sensitive data. Among their most recent alleged global victims: an unnamed UK “Artificial Intelligence and cancer research firm”, dubbed “Victim 25”.

The 11-count indictment alleges that LI Xiaoyu (李啸宇), 34, and DONG Jiazhi (董家志), 33 hacked a range of technology industries in the UK, US, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea and Sweden.

The two, who went to the same college, exploited known software vulnerabilities in popular web server software, web application development suites, and software collaboration programs.

See also: The Top 10 Most Exploited Vulnerabilities

They then used a wide range of variants on the “China Chopper” web shell to manipulate compromised web servers into acting as network gateways, packaged victim data in compressed RAR files that they disguised as JPGs, and saved them in victims’ recycle bins for later exfiltration, a DOJ indictment published today reveals.
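The staging technique the indictment describes (RAR archives renamed to look like images and parked in a recycle bin) leaves a simple artefact a defender can sweep for: the file extension says JPEG but the first bytes carry a RAR signature. The following sweep is an added example written for this article, not code from the DOJ, the indictment or any vendor; the directory names and sample files it creates are constructed for the demonstration, and real-world tooling would run it against actual volumes.

```python
import os
import tempfile
from pathlib import Path

# RAR signatures for the v4 and v5 archive formats (from the published RAR format spec)
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
IMAGE_EXTS = {".jpg", ".jpeg"}
RECYCLE_DIRS = {"$recycle.bin", "recycler"}  # Windows recycle-bin folder names, case-folded


def is_disguised_archive(path: Path) -> bool:
    """True when the extension claims an image but the first bytes are a RAR signature."""
    if path.suffix.lower() not in IMAGE_EXTS:
        return False
    try:
        with path.open("rb") as fh:
            head = fh.read(8)
    except OSError:  # unreadable file: skip it rather than abort the whole sweep
        return False
    return head.startswith(RAR_MAGICS)


def scan_for_disguised_archives(root: Path) -> list[dict]:
    """Walk root, report image-named RAR files, and flag those staged under a recycle bin."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            if is_disguised_archive(p):
                in_bin = any(part.lower() in RECYCLE_DIRS for part in p.parts)
                findings.append({"path": str(p), "in_recycle_bin": in_bin,
                                 "size": p.stat().st_size})
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree() -> Path:
    """Constructed sample data (hypothetical): one real JPEG stub, two RAR files named .jpg."""
    root = Path(tempfile.mkdtemp(prefix="disguised_"))
    bin_dir = root / "$Recycle.Bin" / "S-1-5-21-0-0-0-1001"
    www = root / "inetpub" / "wwwroot" / "images"
    bin_dir.mkdir(parents=True)
    www.mkdir(parents=True)
    (www / "logo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)      # genuine JPEG header
    (www / "banner.JPG").write_bytes(RAR_MAGICS[1] + b"\x00" * 32)          # RAR5 data, image name
    (bin_dir / "$RX1Y2Z3.jpg").write_bytes(RAR_MAGICS[0] + b"\x00" * 4096)  # staged in recycle bin
    return root


def demo() -> list[dict]:
    """Run the sweep over the constructed tree; expect the two disguised archives."""
    return scan_for_disguised_archives(build_sample_tree())
```

Large hits under a recycle bin on a web server are the ones worth pulling first, since that is exactly where the indictment says the data sat waiting for exfiltration.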

(The indictment is the latest sign that western intelligence services are becoming increasingly organised and bullish in counter-intelligence work that can lead to detailed, highly public indictments with the potential for political impact. The DOJ thanked the NSA and FBI for leading the investigation.)

US, Partners “will not stand idly by to this threat”

“Today’s indictment demonstrates the serious consequences the Chinese MSS and its proxies will face if they continue to deploy malicious cyber tactics to either steal what they cannot create or silence what they do not want to hear,” said FBI Deputy Director David Bowdich. “Cybercrimes directed by the Chinese government’s intelligence services… seriously undermine China’s desire to become a respected leader in world affairs. The FBI and our international partners will not stand idly by to this threat, and we are committed to holding the Chinese government accountable.”


“The cybercrime hacking occurring here was first discovered on computers of the Department of Energy’s Hanford Site in Eastern Washington,” the DOJ said.

“The computer systems of many businesses, individuals and agencies throughout the United States and worldwide have been hacked and compromised with a huge array of sensitive and valuable trade secrets, technologies, data, and personal information being stolen. The hackers operated from China both for their own gain and with the assistance and for the benefit of the Chinese government’s Ministry of State Security.”

Ben Read, Senior Manager of Analysis, Mandiant Threat Intelligence, noted: “This indictment shows the extremely high value that all governments, including China, place on COVID-19 related information. It is a fundamental threat to all governments around the world and we expect information relating to treatments and vaccines to be targeted by multiple cyber espionage sponsors.”

He added: “The Chinese government has long relied on contractors to conduct cyber intrusions. Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations. The pattern described in the indictment, where the contractors conducted some operations on behalf of their government sponsors while others were for their own profit, is consistent with what we have seen from other China-nexus groups such as APT41.”

Banner image shows the Guangzhou facility the two allegedly worked from. Credit: DOJ

See also: Russian Malware Kingpin Named as Head of “Evil Corp” by NCA, FBI
