Yesterday, the US Department of Justice (DoJ) announced charges against two Chinese nationals for their suspected involvement in a 10-year-old hacking campaign directed at activists, government institutions and hundreds of organizations in 11 countries.
The indictment says LI Xiaoyu (李啸宇) and DONG Jiazhi (董家志) stole terabytes of confidential data from various targets, including companies developing COVID-19 vaccines, testing technologies and treatments. The accused operated both for personal financial gain and on behalf of China’s Ministry of State Security.
According to John C. Demers, the Assistant Attorney General who leads the DoJ’s National Security Division, China has now joined Russia, Iran and North Korea in the disgraceful club of nations that offer cyber criminals safe refuge in exchange for working on the state’s behalf, feeding the Chinese Communist Party’s insatiable appetite for the hard-won intellectual property of US and other non-Chinese enterprises, such as COVID-19 research.
The two men wanted by the U.S. Federal Bureau of Investigation are accused of numerous crimes, including the compromise of the U.S. Department of Energy network in Hanford, Washington state, home of a decommissioned nuclear production complex.
Beyond that intrusion, LI Xiaoyu and DONG Jiazhi are held responsible for obtaining trade secrets and other sensitive business information by infiltrating the networks of firms in the high-tech development, industrial engineering, defense, educational software and pharmaceutical sectors.
The DoJ explained that, aside from the United States, the victims are organizations based in Australia, Germany, Japan, the Netherlands, Spain, South Korea, Sweden, the United Kingdom and a few more countries. The pair coordinated targeted cyberattacks over a period of more than 10 years, from September 2009 to July 2020.
According to the indictment, the hackers exploited newly disclosed security flaws in widely used applications that had not yet been patched. The two also used credential-stealing tools and web shells to run malicious programs and to move data out as compressed RAR archives. They disguised the archives by changing their file extensions to “.JPG,” which helped conceal the exfiltration.
The stolen data, according to the DoJ, is estimated at hundreds of gigabytes and consists of source code, details of drugs under development, weapon designs and personal data.
Moreover, the malicious activity was staged inside the Recycle Bin of the targeted Windows systems, which the hackers used to load executables into particular directories and to store the RAR archives.
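Two details in the indictment give defenders something concrete to hunt for: RAR archives carrying a “.JPG” extension, and archives or executables staged under the Recycle Bin. The script below is an added example, not code from the article or from the DoJ; it walks a directory tree, reads the first bytes of each file and flags the extension/content mismatch and the Recycle Bin staging pattern. The RAR and JPEG signatures are the published format magic numbers; the finding labels, the sample file names and the placeholder SID folder are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# File signatures used to classify content regardless of the file extension.
RAR_SIGNATURES = (
    b"Rar!\x1a\x07\x00",      # RAR 4.x and earlier
    b"Rar!\x1a\x07\x01\x00",  # RAR 5.x
)
JPEG_SIGNATURE = b"\xff\xd8\xff"
PE_SIGNATURE = b"MZ"
IMAGE_EXTENSIONS = {".jpg", ".jpeg"}


def classify_header(header: bytes) -> str:
    """Return the content type implied by the leading bytes, not by the name."""
    if any(header.startswith(sig) for sig in RAR_SIGNATURES):
        return "rar"
    if header.startswith(JPEG_SIGNATURE):
        return "jpeg"
    if header.startswith(PE_SIGNATURE):
        return "pe"
    return "unknown"


def in_recycle_bin(path: Path) -> bool:
    """True when any path component is a Windows Recycle Bin directory name."""
    return any(part.lower() in ("$recycle.bin", "recycler") for part in path.parts)


def scan_tree(root: str) -> List[Dict]:
    """Walk `root` and report files matching the staging patterns from the indictment."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            try:
                with open(p, "rb") as fh:
                    header = fh.read(8)
            except OSError:
                continue  # unreadable files are skipped, not treated as suspicious
            kind = classify_header(header)
            reasons = []
            # Pattern 1: archive content hiding behind an image extension.
            if p.suffix.lower() in IMAGE_EXTENSIONS and kind == "rar":
                reasons.append("rar_archive_with_image_extension")
            # Pattern 2: archives or executables staged under the Recycle Bin.
            if in_recycle_bin(p) and kind in ("rar", "pe"):
                reasons.append("archive_or_executable_in_recycle_bin")
            if reasons:
                findings.append({"name": name, "path": str(p),
                                 "header_type": kind, "reasons": reasons})
    return findings


def build_sample_tree() -> str:
    """Create a constructed directory tree (sample data, not real artifacts)."""
    root = tempfile.mkdtemp(prefix="exfil-scan-")
    photos = Path(root) / "photos"
    photos.mkdir()
    # A genuine JPEG: header and extension agree, must not be flagged.
    (photos / "holiday.jpg").write_bytes(JPEG_SIGNATURE + b"\x00" * 16)
    # A RAR5 archive renamed to .jpg: the disguise described in the indictment.
    (photos / "report.jpg").write_bytes(RAR_SIGNATURES[1] + b"\x00" * 16)
    # Recycle Bin staging: a disguised RAR4 archive and a PE file (placeholder SID folder).
    bin_dir = Path(root) / "$Recycle.Bin" / "S-1-5-21-PLACEHOLDER"
    bin_dir.mkdir(parents=True)
    (bin_dir / "data1.jpg").write_bytes(RAR_SIGNATURES[0] + b"\x00" * 16)
    (bin_dir / "svchost.exe").write_bytes(PE_SIGNATURE + b"\x00" * 16)
    return root


if __name__ == "__main__":
    for finding in scan_tree(build_sample_tree()):
        print(finding["path"], finding["header_type"], ", ".join(finding["reasons"]))
```

Both signals are triage hints rather than proof: users legitimately delete executables, so a PE file under `$Recycle.Bin` alone is weak, while a RAR header inside a `.jpg` has no benign explanation on a normal workstation and deserves a look at who created it and whether it left the network.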
In their most recent attacks, the hackers attempted to exploit vulnerabilities in computer networks of companies involved in developing COVID-19 vaccines, treatments and testing technologies.
This information comes just months after the FBI and Homeland Security warned that China had been actively trying to steal data from organizations involved in COVID-19 research, and it adds to the tension between the U.S. and China over national security concerns.
Li and Dong are charged with data theft, identity theft, participation in a wire fraud scheme, theft of trade secrets and violations of anti-hacking laws, which together carry a sentence of more than 40 years.