US accuses Chinese nationals of hacking spree targeting COVID data, defence secrets

WASHINGTON: The US Justice Department indicted two Chinese nationals for hacking defence contractors, COVID researchers and hundreds of other victims worldwide, according to a court filing published on Tuesday. US authorities said the Chinese nationals, Li Xiaoyu and Dong Jiazhi, participated in a multiyear cyber espionage campaign that stole weapons designs, drug information, software source code as well as targeting dissidents and Chinese opposition figures.

Contact details for Li and Dong were not immediately available. The Chinese Embassy in Washington did not immediately return a message seeking comment. Beijing has repeatedly denied hacking the United States and other rival powers. The indictment did not name any companies, but officials said the investigation was triggered when the hackers broke into the Hanford Site, a decommissioned U.S. nuclear production complex in eastern Washington state.

The indictment said that Li and Dong stole terabytes of data from computers around the world, including the United States, Britain, Germany, Australia and Belgium. U.S. Attorney William Hyslop said, "there are hundreds and hundreds of victims in the United States and worldwide."

Li and Dong were "one of the most prolific group of hackers we`ve investigated," said FBI Special Agent Raymond Duda, who heads the agency`s Seattle field office. He said the pair was implicated in the theft of hundreds of millions of dollars in intellectual property. The document alleges that Li and Dong acted as contractors for China`s Ministry of Security, or MSS, a comparable agency to the U.S. Central Intelligence Agency. The MSS, prosecutors said, supplied the hackers with information into critical software vulnerabilities to penetrate targets and collect intelligence. Among those targeted were Hong Kong protesters, the office of the Dalai Lama and a Chinese Christian non-profit.

Assistant Attorney General for National Security John Demers said in a virtual press conference that the hackers occasionally worked on their own account, including a case in which Li allegedly tried to extort $15,000 in cryptocurrency from a victim. Demers said China had joined the "shameful club of nations who provide a safe haven for cybercriminals" in exchange for their services stealing intellectual property.

One expert said the indictment showed the "extremely high value" that governments such as China placed on COVID-related research. "It is a fundamental threat to all governments around the world and we expect information relating to treatments and vaccines to be targeted by multiple cyber-espionage sponsors," said Ben Read, a senior analyst at cybersecurity company FireEye. He noted that the Chinese government had long relied on contractors for its cyber spying operations.

"Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations," Read said. The indictment alleged that hackers operated from 2014 to 2020 and most recently attempted to steal cancer research.