A man uses a computer in an internet cafe in Beijing on June 1, 2017. China implemented a controversial cybersecurity law on June 1, despite concerns from foreign firms worried about its impact on their ability to do business in the world's second largest economy. / AFP PHOTO / GREG BAKER (Photo credit should read GREG BAKER/AFP via Getty Images)

Four Chinese nationals working with China’s top intelligence agency have been charged in a global campaign hacking campaign to steal trade secrets and sensitive information from companies, universities, and government bodies.

The charges were announced as the United States and allies in a coordinated push on Monday condemned the Chinese regime for sponsoring “malicious” cyberattacks against targets around the world. China’s Ministry of State Security (MSS), the regime’s chief intelligence agency, is behind the deployment of these hackers, they said. The United States also attributed the massive hack of Microsoft disclosed earlier this year to hackers working for the MSS.

The hackers charged were sponsored by the MSS and focused their theft on information that would significantly benefit Chinese companies, such as research and development processes, according to a statement by the Justice Department.

The defendants and officials in the Hainan State Security Department, a provincial arm of the MSS, tried to hide the Chinese regime’s role in the hacks by using a front company, according to the indictment, which was returned in May and unsealed Friday.

The campaign, active from 2011 to 2018, targeted trade secrets in an array of industries including aviation, defense, education, government, health care, biopharmaceutical, and maritime industries, the Justice Department said.

Victims were in Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland, the United Kingdom, and the United States.

Prosecutors allege the hackers stole foreign information to help Chinese state-owned companies to secure contracts in the targeted companies, such as a large high-speed railway project. The group also targeted research institutes and universities for infectious-disease research relating to Ebola, MERS, HIV/AIDS, Marburg and tularemia, the department said.

“These criminal charges once again highlight that China continues to use cyber-enabled attacks to steal what other countries make, in flagrant disregard of its bilateral and multilateral commitments,” Deputy U.S. Attorney General Lisa Monaco said in the statement.

It said the two-count indictment alleges that Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin were HSSD officers responsible for coordinating computer hackers and linguists at the front companies.

The fourth defendant, Wu Shurong, an employee at front company Hainan Xiandun Technology Development Co. Ltd., “created malware, hacked into computer systems operated by foreign governments, companies and universities, and supervised other Hainan Xiandun hackers,” the Justice Department said.

‘Malicious Activities’

On Monday, the Biden administration, together with a group of allies, criticized the communist regime for its sweeping global hacking campaign that employed contract hackers.

“The United States and countries around the world are holding the People’s Republic of China accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security,” U.S. Secretary of State Anthony Blinken said in a statement on July 19.

The MSS, the regime’s chief intelligence agency, is behind the deployment of these hackers, senior administration officials said on July 18. And their targets include managed service providers, semiconductor companies, defense corporations, universities, and medical institutions, according to a U.S. government cybersecurity advisory.

“These cyber operations support China’s long-term economic and military development objectives,” the advisory explained.

The Chinese Communist Party (CCP) has set out different policies and industrial road maps with the goal of achieving “socialist modernization” by 2035 and becoming a “global leader in innovation.”

Some of the cyberattacks are ransomware operations, which involve malicious actors encrypting victims’ data and making it inaccessible. The actors then demand ransom in exchange for decryption. According to the officials, some private companies were asked to pay millions of dollars after being hit with China’s ransomware operations.

The new revelations on China’s long track record of malicious cyber activities drew joint condemnation from multiple countries, including the United Kingdom, Australia, Canada, Japan, New Zealand, and Japan, as well as from the European Union and NATO.

“We’re making it clear to China that for as long as these irresponsible, malicious cyber activities continue, it will unite countries around the world who are all victims to call them out, promote network defense and cybersecurity working together in that way,” said Biden administration officials.

In response to China’s new cyberthreats, the officials explained the Five Eyes countries, Japan, the EU, and NATO, would work together on information sharing and expanding diplomatic engagement to “strengthen our collective cyber resilience and security cooperation.” They expect more countries to join the cooperation in the coming weeks.

It marks the first time that NATO has publicly condemned China’s cyber activities, the Biden officials explained, as the transatlantic alliance adopted a new cyber defense policy in June. It states that a cyberattack against a NATO member is considered an attack against all members, and actions will be considered accordingly to respond.

The senior officials also said that they had “high confidence” that the Chinese regime was responsible for the cyberattack against Microsoft, saying that “malicious cyber actors” affiliated with the MSS exploited zero-day vulnerabilities in the U.S. tech giant’s Exchange Server software, compromising tens of thousands of systems globally.

In March, Microsoft announced that Hafnium, a state-sponsored hacking group operating from China, was responsible for hacking into its email and calendar server. Security experts estimated at the time that at least 30,000 organizations in the United States were hacked.

“We’ve raised our concerns about both the Microsoft incident and the PRC’s [People’s Republic of China] broader malicious cyber activity with senior PRC government officials, making clear that the PRC’s actions threaten security, confidence, and stability in cyberspace,” the senior U.S. officials said.

“The U.S. and our allies and partners are not ruling out further actions to hold the PRC accountable.”

Beijing has previously rejected Microsoft’s claims, saying that companies and media should not “make groundless accusations.”

China’s Cyber Tactics

The cybersecurity advisory outlined Beijing’s tactics and techniques, and provided recommendations on how to shore up computer systems.

“By exposing the PRC’s malicious activity with allies and partners, we’re continuing the administration’s efforts to inform and empower system owners and operators to act at home and around the world,” the senior U.S. officials said.

China’s state-sponsored cyber actors are known to mask their identities through virtual private servers, as well as evading detection by using small office and home office (SOHO) broadband routers.

These actors “consistently scan target networks for critical and high vulnerabilities within days of the vulnerability’s public disclosure,” according to the advisory. They have sought to exploit flaws in applications including Microsoft products, Apache, F5 Big-IP, and Pulse Secure.

In April, California-based cybersecurity firm FireEye issued a report saying that Chinese hackers had exploited Pulse Secure’s virtual private network in order to gain access to government agencies and companies in the United States and Europe. The hackers were suspected to be working for the Chinese regime and had ties to APT5, one of the Chinese advanced persistent threat groups.

Among the different Microsoft products targeted include Microsoft 365, Outlook Web Access, and the Exchange Offline Address Book.

These actors are also known to be carrying out spearphishing campaigns—sending out infected emails with a malicious link or attached files—in order to gain control of the victim’s device.

The advisory offers several mitigation choices, including using a network intrusion detection and prevention system, and monitoring common ports and protocols for command and control activity.

44 thoughts on “US Charges 4 Chinese Nationals Working With Spy Agency in Global Hacking Campaign”
  1. It is so cool to find really good content such as this nowadays. This article is not just educational, but additionally intriguing and educational. Pretty awesome work.

  2. I believe you have got the perfect vision. It is actually incredibly good content. I’m amazed with how you offered this. I personally intend to come back in hopes to read a lot more.

  3. This is just the perfect post on this particular subject matter I’ve seen so far. I am glad I had the opportunity to go through it. You’ve done very well.

  4. This is top-quality material. It’s actually filled with useful and interesting facts that anyone can grab. I personally enjoy reading articles so well written. You have executed an extremely nice job with this material.

  5. There is so much superb info in the following paragraphs that I have to share it with my hubby later. I’ve bookmarked it in order to show him.

  6. I actually would like I could provide you with an award for this specific content material. Your own post rates a blue ribbon in my view. This is fantastic top quality material.

  7. You have got a genuine ability for putting your ideas into clear, original material. Your write-up is simple to read and also comprehend. You have brought forth some remarkable points which I accept and value.

  8. Thanks for this info. You have really made me personally think about your opinions. I personally enjoy reading through content material that’s easy to understand, tough and thought-provoking. I actually can tell you performed your research on this specific matter.

  9. It is amazing reading material! It is filled with valuable info which anybody could go through as well as understand. I personally like to go through content articles by writers that actually value the content they produce and discuss. Thank you so much.

  10. I am an author, nevertheless I am definitely not of your caliber. I am aware of the energy it required you to compose this content. It is interesting and also remarkable in my opinion.

  11. I’ve been completely immersed by your own terrific post. I have read as well as reread it, and am looking to go through far more as quickly as possible.

  12. I actually compliment this author with regard to creating this sort of exclusive and good quality info with viewpoints I’m able to comprehend. I personally could not stop reading this article. I got so absorbed in this specific content. Thanks!

  13. I’m surprised at how much this post demonstrates my personal thoughts. This isn’t only well written and interesting information, it’s informative as well as thoughtful. You must have executed your research.

  14. After reading your own write-up twice, I had to consider the info. This is a wonderful factor for me personally. I accept much of your content material.

  15. I have saved this informative article so I could come back later on and go through it once more. It’s quite fascinating, very well researched and also compiled. I almost never observe fabulous content these days. Many thanks.

  16. I must tell you how remarkable I believe your information is within this article. You’ve really made things crystal clear and easy to understand. I found this to be an effective article. Thanks a lot.

  17. Fantastic is definitely the sole word I can find to explain your content. I personally can’t let you know how long it has been since I’ve found this sort of awesome writing. I concur with your points. Incredibly good work!

  18. I’m an author, nonetheless I am definitely not of your quality. I know the energy it required you to compose this specific content. It is engaging as well as superb in my opinion.

  19. I am having a difficult time fathoming how much research you’d to carry out for this particular information, but I love it and I also agree. You actually tend to make a lot of sense.

  20. I began going through your own post and also could not quit. You are great with words and making your opinions interesting and compelling. I am happy I got to go through this. Thank you very much.

  21. I’ve seriously never read such extremely great material similar to this. I agree with the points plus your ideas. This particular info is really remarkable. Many thanks.

  22. I appreciated reading through your write-up and also paying attention to the points stated in it. I agree. You make a lot of good sense and you also understand how to convey your ideas. I personally appreciate your hard work.

  23. I actually never realized anyone else shared my personal views on this specific subject. Many thanks for confirming my values and making this content material so clear and easy to read. I desire you have got intentions of writing even more.

  24. Spectacular demonstration! You’ve showed the points quite well in this article. Not many people are focused enough to write this well. Thank you a lot.

  25. It requires an enlightening and gifted writer to write top quality content as observed here. I personally accept several of your points right here. You have made me reconsider a few of my personal ideas through your perception.

  26. This is really intriguing content! I have completely liked going through your points and have come to the conclusion that you are right with regards to a lot of them. You actually are awesome.

  27. I know how hard it is to create informational copy, hence I get just how much work went into this specific content. Your own work is great and you also did a very good job with rendering your own points clear.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.