US charges 5 Chinese citizens in global hacking campaign

WASHINGTON — The Justice Department has charged five Chinese citizens with hacks targeting more than 100 companies and institutions in the United States and abroad, including social media and video game companies as well as universities and telecommunications providers, officials said Wednesday.

The five defendants remain fugitives, but prosecutors say two Malaysian businessmen charged with conspiring with the alleged hackers to profit off the attacks on the billion-dollar video game industry were arrested in Malaysia this week and now face extradition proceedings.

The indictments are part of a broader effort by the Trump administration to call out cybercrimes by China. In July, prosecutors accused hackers of working with the Chinese government to target companies developing vaccines for the coronavirus and of stealing hundreds of millions of dollars worth of intellectual property and trade secrets from companies across the world.

Though those allegations were tailored to the pandemic, the charges announced Wednesday — and the range of victims identified — were significantly broader and involved attacks done both for monetary gain but also more conventional espionage purposes.

In unsealing three related indictments, officials laid out a wide-ranging hacking scheme targeting a variety of business sectors and academia and carried out by a China-based group known as APT41. That group has been tracked over the last year by the cybersecurity firm Mandiant Threat Intelligence, which described the hackers as prolific and successful at blending criminal and espionage operations.

The hackers relied on a series of tactics, including attacks in which they managed to compromise the networks of software providers, modify the code and conduct further attacks on the companies’ customers.

The Justice Department did not directly link the hackers to the Chinese government. But officials said the hackers were probably serving as proxies for Beijing because some of the targets, including pro-democracy activists and students at a Taiwan university, were in line with government interests and didn’t appear to be about scoring a profit.

“A hacker for profit is not going to hack a pro-democracy group,” said acting U.S. Attorney Michael Sherwin of the District of Columbia, where the cases were filed. Those targets, including some that bear the “hallmark” of conventional espionage, point to the conclusion that the hackers had at least an indirect connection with the government, Sherwin said.

In addition, one of the five defendants told a colleague that he was very close to the Chinese Ministry of State Security and would be protected “unless something very big happens,” and also agreed not to go after domestic targets in China, said Deputy Attorney General Jeffrey Rosen.

But some of the conduct was clearly profit driven, officials said. Two of the Chinese defendants, for instance, were charged with breaking into video game companies and obtaining digital currency that was then sold for profit on the black market, officials said.

Rosen, the Justice Department’s No. 2 official, criticized the Chinese government for what he said was a failure to disrupt hacking crimes and to hold hackers accountable.

“Ideally, I would be thanking Chinese law enforcement authorities for their co-operation in the matter and the five Chinese hackers would now be in custody awaiting trial,” Rosen said. “Unfortunately, the record of recent years tells us that the Chinese Communist Party has a demonstrated history of choosing a different path, that of making China safe for their own cyber criminals, so long as they help with its goals of stealing intellectual property and stifling freedom.”

There was no immediate response Wednesday to an email seeking comment from the Chinese Embassy in Washington.

The Justice Department also announced that it had seized hundreds of accounts, servers and domain names used by the defendants and that it had worked with Microsoft and other private sector companies to deny the hackers continued access to tools, accounts and hacking infrastructure.

Also Wednesday, the department announced charges against two Iranian nationals accused of stealing hundreds of terabytes of data in a hacking campaign targeting institutions — and perceived enemies of Iran — in the U.S., Europe and the Middle East.

____

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP

Eric Tucker, The Associated Press