09/18/2020 / By Franz Walker
The Department of Justice has indicted five Chinese nationals, as well as two Malaysians, on charges relating to a massive hacking campaign to steal sensitive information and trade secrets from more than 100 companies and entities around the world.
The five Chinese nationals are part of a hacker group known as “Advanced Persistent Threat 41” (APT41). The group has reportedly stolen source code, consumer data and business information from victims both in the United States and abroad. Their victims come from across a wide range of sectors including universities, tech companies, foreign governments and even pro-democracy proponents in Hong Kong.
On Wednesday, U.S. cybersecurity firm FireEye stated that APT41 was currently the most prolific Chinese hacking group it tracked.
The two Malaysians, on the other hand, were businessmen who got involved with two of the Chinese hackers. The latter compromised the networks of video game companies to steal in-game resources and got the help of the former to sell these on the black market. The two were arrested in Malaysia on Sunday on an extradition request by the U.S. and are now facing extradition proceedings.
The charges, which were laid out in three separate indictments, build on several other cases that the Trump administration has brought against accused Chinese hackers. Beijing’s cyber-enabled theft of intellectual property has been labeled as a grave national and economic threat by the administration. (Related: Trump admin orders Chinese embassy closed immediately amid charges of privacy violations and theft of intellectual property.)
U.S. law-enforcement agencies, however, rarely succeed in arresting foreign hackers. The five Chinese nationals, Zhang Haoran, 35; Tan Dailin, 35; Jiang Lizhi, 35; Qian Chuan, 39; and Fu Qiang, 37, remain at-large in China.
“The Department of Justice has used every tool available to disrupt the illegal computer intrusions and cyber attacks by these Chinese citizens,” Deputy Attorney General Jeffrey Rosen said. “Regrettably, the Chinese Communist Party has chosen a different path of making China safe for cyber criminals so long as they attack computers outside China and steal intellectual property helpful to China.”
With this in mind, officials are calling the arrests in Malaysia a victory for international cooperation.
For its part, the Chinese Embassy in Washington has not responded to any requests for comment. China, however, has denied U.S. accusations of being involved in malicious cyber activity.
The indictment, however, states that one of the defendants, Jiang, had discussed with an unidentified associate how his working relationship with China’s Ministry of State Security provided him with protection.
According to prosecutors, APT41 deployed sophisticated techniques to hack into their victims’ networks. One such method, known as a “supply chain attack,” saw the hacker group targeting software providers around the world to install backdoors into their software. This then allowed the group to hack customers that installed said software.
FireEye detected a surge in cyber spying by APT41 back in late January of this year, around the same time the Wuhan coronavirus began to spread beyond China. The firm said that more than 75 percent of its customers were targeted by the group. These included manufacturers, media companies, healthcare companies and even nonprofits.
Prior to this, in November 2019, FireEye already warned that APT41 hacked several major telecom firms to obtain text messages and call records of several “high-value targets,” including politicians, political movements and intelligence organizations who were at odds with China. This included government networks of neighbors India and Vietnam – both countries with territorial disputes with China. The U.K. government’s network was also targeted, according to the indictment, but was not breached.
Through the aid of seizure warrants, federal authorities were able to block the hackers from accessing online tools used for their campaigns. In addition, authorities also worked with tech companies such as Microsoft, Facebook, Google and Verizon. These and other companies assisted in the investigation and helped neutralize some of the infrastructure used by the Chinese hackers, which aided in the protections of some victims.
According to a Microsoft spokeswoman, the company “developed and implemented technical measures to block this threat actor from accessing victims’ computer systems.”
The Justice Department, however, declined to say whether or not these companies were among those targeted by the group; neither did Microsoft’s spokeswoman.
Follow CyberWar.news for more on how China is using hackers to steal ideas and technology from the free world.
Sources include:
Tagged Under: arrest, badtech, China, corporations, Cybercrime, cyberwarfare, espionage, FireEye, hackers, hacking, indictment, internet, IP theft, privacy watch, spying, surveillance
COPYRIGHT © 2017 COMPUTING NEWS