The U.S. Department of Justice (DoJ) charged two Chinese nationals for their involvement in a decade-long hacking spree targeting protesters, government agencies and several organizations in at least 11 countries.
The 11-count indictment alleges that LI Xiaoyu and DONG Jiazhi stole terabytes of sensitive data, including from companies developing COVID-19 vaccines, testing technology and treatments. They are alleged to have worked both for personal financial gain and on behalf of China’s Ministry of State Security.
Assistant Attorney General John C. Demers, who leads the DoJ’s National Security Division, stated that China has joined the shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being on call to work for the benefit of the state, and to feed the Chinese Communist Party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research.
The hackers, who are wanted by the U.S. Federal Bureau of Investigation, came onto the radar after they compromised a U.S. Department of Energy network in Hanford, home to a decommissioned nuclear production complex in the state of Washington.
Besides this breach, the hackers are also accused of infiltrating the networks of companies in the high-tech manufacturing, industrial engineering, defense, educational, gaming software and pharmaceutical sectors, with the aim of stealing trade secrets and other confidential business information.
Several victim organizations are based in Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden and the U.K., in addition to the U.S. In all, the targeted cyberattacks lasted more than ten years, starting around September 1, 2009, and continuing through July 7, 2020.
As per the indictment, the hackers entered company networks by exploiting insecure default configurations or freshly disclosed security flaws in popular software that had not yet been patched.
They then installed credential-stealing software to gain deeper access, used web shells to execute malicious programs, and transferred the data out as compressed RAR files. They also changed the archives’ extensions to “.JPG” to disguise the exfiltration as a transfer of innocuous image files.
The stolen data, amounting to hundreds of gigabytes, consisted of source code, information about drugs under active development, weapon designs, and personally identifiable information.
All of the malicious activity was carried out from the Recycle Bin of the targeted Windows systems, which the hackers used to load executables into specific folders and to save the RAR files.
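The two staging tricks described above, RAR archives renamed to “.JPG” and the Recycle Bin used as a working folder, can be flagged from a file inventory by comparing each file’s magic bytes with its extension and path. This is an added example written for this page, not code from the indictment or the DoJ; the sample paths and file headers are constructed.

```python
"""Flag RAR archives disguised as .JPG files and archives or executables
staged under the Windows Recycle Bin. Sample inventory is constructed."""
import re

RAR_MAGIC = b"Rar!\x1a\x07"   # common prefix of the RAR v4 and v5 signatures
JPEG_MAGIC = b"\xff\xd8\xff"  # genuine JPEG files start with these bytes
# $Recycle.Bin\<SID>\... on Windows; both slash styles are tolerated
RECYCLE_BIN_RE = re.compile(r"(^|[\\/])\$Recycle\.Bin[\\/]", re.IGNORECASE)


def classify(path: str, header: bytes) -> list:
    """Return the findings for one file (empty list means nothing odd)."""
    findings = []
    lower = path.lower()
    if header.startswith(RAR_MAGIC) and lower.endswith((".jpg", ".jpeg")):
        findings.append("rar-disguised-as-jpg")
    elif lower.endswith((".jpg", ".jpeg")) and not header.startswith(JPEG_MAGIC):
        findings.append("jpg-extension-non-jpeg-content")
    if RECYCLE_BIN_RE.search(path):
        if header.startswith(RAR_MAGIC):
            findings.append("rar-archive-in-recycle-bin")
        if header[:2] == b"MZ":          # PE executable header
            findings.append("executable-in-recycle-bin")
    return findings


# Constructed sample inventory: (path, first bytes of the file)
SAMPLE_FILES = [
    (r"C:\Users\alice\Pictures\holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    (r"C:\$Recycle.Bin\S-1-5-21-1111-2222-3333-1001\export01.JPG", b"Rar!\x1a\x07\x00\xcf"),
    (r"C:\$Recycle.Bin\S-1-5-21-1111-2222-3333-1001\updater.exe", b"MZ\x90\x00"),
    (r"C:\inetpub\wwwroot\images\logo.jpg", b"Rar!\x1a\x07\x01\x00"),
    (r"C:\Temp\notes.txt", b"hello"),
]


def scan(files):
    """Map each path to its findings, keeping only files that triggered a rule."""
    result = {}
    for path, header in files:
        hits = classify(path, header)
        if hits:
            result[path] = hits
    return result


if __name__ == "__main__":
    for path, hits in scan(SAMPLE_FILES).items():
        print(f"{path}: {', '.join(hits)}")
```

On a real host the header bytes would come from reading the first 16 bytes of each file; extension-only checks miss this trick entirely because the renamed archives look like ordinary images.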
In one instance, the hackers also tried to extort cryptocurrency from a victim entity by threatening to release the victim’s stolen source code on the Internet.
More recently, the hackers also exploited vulnerabilities in the computer networks of companies developing COVID-19 vaccines, testing technology, and treatments.
The FBI and Homeland Security had warned earlier that China was trying to steal data from organizations working on COVID-19 research. But China is not the only nation that has been accused of using its offensive cyber capabilities to steal coronavirus research.
The hackers, Li and Dong, are charged with identity theft, conspiracy to commit wire fraud, theft of trade secrets, and violating anti-hacking laws, charges that could carry sentences of more than 40 years.
Image credits: The Hill