China Accused by U.S., Allies of Massive State-Sponsored Hacking Campaign

US Deputy Attorney General Rod Rosenstein (C), flanked by US law enforcement officials, speaks at a press conference after the Justice Department unveiled fresh indictments of Chinese government hackers who allegedly targeted scores of international companies, Washington, DC, Dec. 20, 2018.

The United States' Department of Justice (DOJ) on Thursday indicted two Chinese nationals for a massive hacking campaign targeting intellectual property and sensitive commercial data around the world.

The department unsealed indictments against Zhu Hua and Zhang Shilong, saying in a statement: "We hope the day will come when the defendants face justice under the rule of law in a federal courtroom."

The charges include conspiracy to commit computer intrusions against dozens of companies in the United States and around the world, the DOJ said.

"As with all American criminal charges, individual defendants are presumed innocent unless proven guilty in a court of law," it added.

Zhu and Zhang are allegedly linked to a group of hackers known to investigators simply as APT 10, which acted on behalf of China's ministry of state security to carry out a malicious cyber campaign known as Cloud Hopper in Europe, Asia and the U.S., according to details released simultaneously in Washington and London.

The U.K.'s National Cyber Security Centre said it had assessed "with the highest level of probability" that the group widely known as APT 10 is responsible for this sustained cyber campaign focused on large-scale service providers.

It said the group almost certainly continues to target a range of global companies, seeking to gain access to commercial secrets.

"The U.K. government has made the judgement that the Chinese ministry of state security was responsible," it said.

Networks breached

The alleged hacking contravenes bilateral agreements on cybersecurity made by Beijing with several countries, and is inconsistent with G20 commitments that no country should conduct or support [computer]-enabled theft of intellectual property, including trade secrets or other confidential business information, according to a statement on the U.K. Foreign and Commonwealth Office website.

The hackers breached the networks of Hewlett Packard Enterprise and IBM, then used their access to hack into their clients’ computers, Reuters reported.

APT stands for Advanced Persistent Threat, and indicates that hackers are using malware to gain access to computer networks and extract data over an extended period of time, the DOJ said.

APT 10 allegedly achieved this by targeting and compromising third-party service providers used by companies to store, process, and protect commercial data, including intellectual property and other confidential business information, in at least a dozen countries.

Hackers targeted companies in the banking and finance, telecommunications and consumer electronics, medical equipment, packaging, manufacturing, consulting, healthcare, biotechnology, automotive, oil and gas exploration, and mining sectors, according to the DOJ.

"When hackers gain access to [such providers], they can steal sensitive business information that gives competitors an unfair advantage," the DOJ statement said.

The indictment alleges that the defendants worked for a group known to cyber security experts as APT-10. Such groups are designated as APTs because they use malware to gain access to computer networks and exfiltrate data over an extended period of time.

"This is not the first time the Department of Justice has accused Chinese state actors and associates of stealing commercial information," the DOJ said. "Our department has repeatedly cast a spotlight on Chinese state-sponsored criminal activity targeting U.S. companies."

China at center of allegations

It said more than 90 percent of cases alleging economic espionage over the past seven years involve China, as do more than two thirds of cases alleging theft of trade secrets.

"We want China to cease illegal cyber activities and honor its commitment to the international community, but the evidence suggests that China may not intend to live up to its promises," the statement said.

"America and many allies know what China is doing. We know why they are doing it. And in some cases, we even know which individual people are doing it in association with the Chinese government," it said.

U.K. foreign secretary Jeremy Hunt also called on Beijing to cease its "widespread cyber intrusions."

"Our message to governments prepared to enable these activities is clear: together with our allies, we will expose your actions and take other necessary steps to ensure the rule of law is upheld," Hunt said.

He said the government would work with service providers to boost information security.

"It is clear that in some cases basic cyber security measures are still not being taken, and this is not acceptable," Hunt said. "Together the community will discuss the necessary step change that is required in contracting and security controls to tackle cyber threats to government and beyond."

Reported by Fok Leung-kiu for RFA's Cantonese Service, and by Shi Shan for the Mandarin Service. Translated and edited by Luisetta Mudie.

