Federal prosecutors on Tuesday charged two Chinese men with hacking hundreds of U.S. and foreign companies, nongovernmental organizations and human rights activists, as well as trying to hack three U.S. firms researching the coronavirus.
The action marks an escalation of Washington’s war with Beijing over intellectual property theft and espionage.
Beginning in September 2009, the two men, Li Xiaoyu and Dong Jiazhi, stole “hundreds of millions of dollars’ worth of trade secrets, intellectual property, and other valuable business information,” according to an indictment unsealed in the Eastern District of Washington. Their alleged victims included high-tech manufacturing firms, pharmaceutical companies and the makers of educational software and medical equipment. Victim companies were located in the U.S., Australia, Germany, Japan, South Korea and other countries.
In some cases, the men allegedly acted out of self-interest, in one instance attempting to extort a victim into paying a ransom by threatening to publish their intellectual property. In other cases, prosecutors said, “they were stealing information of obvious interest” to the Chinese government. The hackers “worked with, were assisted by, and operated with the acquiescence of” an officer in China’s Ministry of State Security, according to the indictment.
The hackers allegedly breached defense contractors and stole sensitive military information, prosecutors said, including about military satellite programs and communications systems.
Other operations also showed signs of foreign-policy motivations. Li and Dong allegedly provided their Chinese government contact with the passwords of human rights activists, including a community organizer in Hong Kong and a former Tiananmen Square protester.
In late January and early February, as the coronavirus ravaged China, Li tried to find security vulnerabilities in the networks of biotech firms in Maryland, Massachusetts and California that were studying coronavirus vaccines and treatments, according to the indictment.
The case epitomizes what senior Trump administration officials have called the “blended threat” — an emerging trend of foreign governments using private hackers as proxies. The U.S. has previously charged Russian, Iranian and North Korean hackers for such operations.
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” John Demers, who heads the Justice Department’s National Security Division, said in a statement.
The inclusion of a coronavirus-related victim in the latest case comes as U.S. security agencies warn that China is seeking to gain the upper hand in the global race for a vaccine.
Chinese government hackers “have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research,” the FBI and the DHS Cybersecurity and Infrastructure Security Agency said in a May alert. “The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.”
Cyber intrusions into research labs can slow down their critical work, officials say, by forcing scientists to pause vital research, raise the alarm among colleagues and review their data to determine if the hackers tampered with it.
Senior administration officials and congressional Republicans have highlighted the cyberattacks to bolster President Donald Trump’s broader case against China, which remains locked in a long-running trade war with the U.S.
In May, Secretary of State Mike Pompeo called the intrusions “an extension of [China’s] counterproductive actions throughout the COVID-19 pandemic.”
Days later, Sen. Marsha Blackburn (R-Tenn.) tweeted, “The Chinese Communist Party is notorious for stealing American technology to make up for China’s inability to self-innovate. A cure for COVID-19 is next on their list of things to steal.”
Beijing has consistently denied hacking into companies researching the virus.
In recent years, China has conducted a broader effort to steal intellectual property to benefit its domestic industries. Chinese agents have aggressively targeted third-party IT contractors known as “managed service providers,” leap-frogging from these contractors into the networks of their high-value clients. In December 2018, the U.S. charged two Chinese cyber criminals with a 12-year campaign that hit MSPs, dozens of tech firms and multiple government agencies.