The Justice Department on Thursday unsealed charges against two hackers linked with China’s civilian intelligence agency for a lengthy campaign to break into global technology service providers in efforts to steal intellectual property.
The hackers also targeted more than 45 companies and government agencies, including sectors ranging from aviation to pharmaceuticals, along with the U.S. Navy, a Department of Energy laboratory, and NASA, prosecutors alleged. The defendants stole the Social Security numbers and other personal information of over 100,000 Navy personnel, U.S. officials said.
“The list of victim companies reads like a who’s who of the global economy,” FBI Director Christopher Wray said while announcing the charges. Companies in at least a dozen countries — from the U.S. to Brazil to India — were compromised, including firms in the manufacturing, oil and gas, and maritime technology sectors, officials said.
The two defendants – Zhu Hua and Zhang Shilong – are accused of being part of a Chinese hacking group known as APT10 or Cloudhopper. Industry experts say the group has been rampant in targeting remote IT management systems. Those “managed service providers” offer a valuable foothold into corporate networks to steal trade secrets.
U.S. officials have tied APT10 to China’s civilian intelligence agency – the Ministry of State Security — which analysts say has become Beijing’s preferred arm for conducting cyber-economic espionage.
A spokesperson for the Chinese Embassy in Washington, D.C. did not immediately respond to a request for comment. Beijing has denied allegations that it engages in state-sponsored IP theft.
Other U.S agencies chimed in to denounce China’s alleged hacking on Thursday.
“We strongly urge China to abide by its commitment to act responsibly in cyberspace and reiterate that the United States will take appropriate measures to defend our interests,” Secretary of State Mike Pompeo and Homeland Security Secretary Kirstjen Nielsen said in a joint statement. The Department of Homeland Security also released technical details to help companies defend against the Chinese hacking.
The announcements come amid ongoing tension between the U.S. and China on cybersecurity, technology, trade and national security matters. The charges have been expected for weeks as U.S. officials have ramped up pressure on Beijing, including through a new Justice Department initiative focused exclusively on combating alleged Chinese economic espionage.
Spies and cybercriminals have long used a variety of methods to obtain secrets from the U.S. public and private organizations. But such activity has become “more audacious” three years after the Obama administration and Chinese President Xi Jinping agreed not to conduct “cyber-enabled theft” of intellectual property, Rob Joyce, a senior adviser at the National Security Agency, said this month.
U.S. officials have expressed increasing frustration that Beijing has not abided by the agreement.
“It is unacceptable that we continue to uncover cybercrime committed by China against America and other nations,” Deputy Attorney General Rod Rosenstein said Thursday.
Chinese hackers are also suspected to be behind the data breach of the Marriott hotel chain that involved information on some 500 million customers dating back to 2014, Reuters first reported. Intelligence officials could combine the breached data, such as passport numbers, with data stolen in recent years from the Office of Personnel Management and U.S. healthcare organizations to create profiles on Americans, experts have warned.
China represents “the most severe counterintelligence threat facing our country today,” Bill Priestap, assistant director of the FBI’s Counterintelligence Division, said during a recent Senate Judiciary Committee hearing.
Beijing also has clashed with U.S. and Canadian officials since Canadian police apprehended Meng Wanzhou on Dec. 1 at the request of American prosecutors. Meng, the chief financial officer of Chinese technology giant Huawei, is not accused of violating U.S. cybercriminal laws. But her case highlights recent warnings about Beijing’s ability to conduct digital espionage by leveraging Chinese-made technology in the global supply chain.
Huawei has consistently denied wrongdoing, and U.S. officials have not publicized evidence behind their allegations about Chinese technology.
The charges unveiled Thursday are only the most recent actions against accused hackers living abroad. The Treasury Department on Wednesday announced sanctions against 15 Russian intelligence operatives for a range of activities. The individuals sanctioned in this case are accused of interfering in the 2016 presidential election, while others are blamed for hacking the World Anti-Doping Agency.
At the same time, however, U.S. officials have singled out China in recent months for allegedly sponsoring criminal hacking. “China is the most active and aggressive in this space,” Wray said.
The United Kingdom on Thursday joined in the condemnation of Chinese hackers associated with APT10.
“These activities must stop,” UK Foreign Secretary Jeremy Hunt said. “They go against the commitments made to the UK in 2015, and, as part of the G20, not to conduct or support cyber-enabled theft of intellectual property or trade secrets.”
Other U.S. allies are expected to issue similar statements.
John Carlin, a former top Justice Department official, told CyberScoop the announcements were “another important step in a concerted long-term strategic approach” by the department to work with allies and other U.S. agencies to “raise the costs of cyber-espionage until the behavior changes.”
“The international coordination is significant and new and reflects our allies increasing concern about this threat,” Carlin added.
You can read the full indictment below.