The US Department of Justice on Tuesday (local time) convicted two Chinese nationals of spying charges for targeting computer networks of biotech firms around the world working on coronavirus vaccines, technology and treatments.
“Two Chinese hackers working with the Ministry of State Security charged with global computer intrusion campaign targeting intellectual property and confidential business information, including COVID-19 research,” the Department said.
The 11-count indictment alleged that the two former computer engineers, identified as Li Xiaoyu, 34, and Dong Jiazhi, 33, conducted a hacking campaign lasting more than ten years to the present, targeting companies in countries with high technology industries, including the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom.
It was also alleged that the two had hacked companies engaged in high-tech manufacturing, pharmaceuticals, and gaming software development, and with targeting dissidents, clergy and human rights activists in the United States, China, and Hong Kong.
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cybercriminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Assistant Attorney General for National Security John C Demers.
“Today’s indictment demonstrates the serious consequences the Chinese MSS and its proxies will face if they continue to deploy malicious cyber tactics to either steal what they cannot create or silence what they do not want to hear,” said FBI Deputy Director David Bowdich.
“Cybercrimes directed by the Chinese government’s intelligence services not only threaten the United States but also every other country that supports fair play, international norms, and the rule of law, and it also seriously undermines China’s desire to become a respected leader in world affairs. The FBI and our international partners will not stand idly by to this threat, and we are committed to holding the Chinese government accountable,” he added.
The Department said that the complicated nature of cyber investigations is only exacerbated when the criminal is backed by the resources of a foreign government. The nature and value of the material stolen by these hackers cannot just be measured in dollars and was indicative of being state-driven.
According to the indictment, to gain initial access to victim networks, the defendants primarily exploited publicly known software vulnerabilities in popular web server software, web application development suites, and software collaboration programs.
The indictment charges the defendants with conspiring to steal trade secrets from at least eight known victims, which consisted of technology designs, manufacturing processes, test mechanisms and results, source code, and pharmaceutical chemical structures, the Department said.
The defendants have each been charged with one count of conspiracy to commit computer fraud, which carries a maximum sentence of five years in prison; one count of conspiracy to commit theft of trade secrets, which carries a maximum sentence of ten years in prison; one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; one count of unauthorised access of a computer, which carries a maximum sentence of five years in prison; and seven counts of aggravated identity theft, which each carries a mandatory sentence of two non-consecutive years in prison.