US prosecutors have announced charges against two Chinese hackers accused of stealing trade secrets from technology and biotech companies, including firms working on COVID-19-related treatment, testing and vaccines.
Assistant Attorney General for National Security John Demers said in a Department of Justice press conference Tuesday that the cyber intrusions are examples of China’s “brazen willingness to engage in theft” of intellectual property to advance their competitive edge in key technology sectors.
As part of a multi-year cyber attack resulting in terabytes of stolen data, Demers said hackers targeted firms in eight of 10 technology sectors, including robotics, aircraft, maritime equipment, clean energy, biotech and advanced rail. More recently, the hackers began targeting the networks of biotech and other firms known to be developing COVID-19 treatments.
The DOJ suggests in the 11-count indictment that the hackers were working for both themselves and for the benefit the Chinese government’s Ministry of State Security.
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” Demers said in a statement.
According to the indictment, the hackers were able to gain access to corporate networks by exploiting publicly known software vulnerabilities that in some cases had not yet been patched, and then used that access to install malicious shell programs and credential-stealing software. From there they were able to remotely execute commands on employee computers.
The hackers, identified as Li Xiaoyu and Dong Jiazhi, were each charged with one count of conspiracy to commit computer fraud, one count of conspiracy to commit theft of trade secrets, one count of conspiracy to commit wire fraud, one count of unauthorized access of a computer, and seven counts of aggravated identity theft.
The indictment comes just a week after it was disclosed that state-backed Russian hackers were targeting pharmaceutical companies, healthcare, academic research centers and other organizations involved in coronavirus vaccine development. The warning came via an advisory put out by the UK’s National Cyber Security, with support from the US National Security Agency and the Canadian security services.
It’s previously been warned that other nations are also likely to be attempting to steal coronavirus related research.