TimesKuwait

US charges Chinese hackers with stealing data

Reports show that the United States Department of Justice (DOJ) has charged two Chinese nationals with being part of a decade-long, global hacking campaign sponsored by the Chinese government that included the alleged theft of information from 45 US tech companies and government agencies. Among the organizations reported to have been hacked are IBM, HP, and the US space agency NASA’s Jet Propulsion Laboratory and Goddard Space Flight Center.

The charges, which come at a time of heightened tension between the US and China, were disclosed after the US government unsealed an indictment against the two individuals last week. The indictment against the two individuals, Zhu Hua and Zhang Shilong, is just the latest in a long line of accusations that the Chinese government sponsors or seeks the theft of American technology.

“As evidenced by this investigation, the threats we face have never been more severe, or more pervasive, or more potentially damaging to our national security, and no country poses a broader, more severe long-term threat to our nation’s economy and cyber infrastructure than China,” said FBI Director Christopher Wray while revealing the indictment. “China’s goal, simply put, is to replace the US as the world’s leading superpower, and they’re using illegal methods to get there.”

Zhu Hua and Zhang Shilong were part of a Chinese hacking group known in the cyber security community as Advanced Persistent Threat 10, or APT10, according to the indictment. The alleged hackers went by a number of different aliases, including ‘Godkiller’, and the hacking operation was sometimes known by other names such as ‘Red Apollo’, ‘Stone Panda’, and ‘POTASSIUM’, according to the charging document.

Starting around 2006 and running through this year, APT10 used an evolving set of techniques to break down network defenses, select victims, and access sensitive information, according to the DOJ. The group relied heavily on spear phishing attacks to place malware on victims’ computers. They masked themselves with seemingly legitimate email addresses and sent messages with attached documents loaded with malicious code, naming the documents in a way that made them look relevant to the company.

The malware gave the hackers remote access to the infected computers, and also allowed them to log employees’ keystrokes, offering up usernames and passwords. Over the course of the hacking campaign, the group accessed at least 90 computers and stole hundreds of gigabytes of data, according to the charging document. This included computers from seven companies involved in aviation, space, and satellite technology, three communications companies, a US Department of Energy National Laboratory, as well as NASA’s Goddard Space Flight Center and its Jet Propulsion Laboratory.

The hackers also targeted ‘managed service providers’ — firms that store, process and protect commercial data, including intellectual property, and other confidential business information. This hacking campaign gave the group access to the computers and networks in at least 12 different countries, including those of a number of unnamed consulting companies, health care and biotechnology companies, and a global financial institution, said the indictment. Two of the compromised managed service providers were identified as Hewlett Packard Enterprise and IBM.

The industries targeted in the hacking campaign are those that are core to the Chinese government’s ‘Made in China 2025’ plan, which is meant to extend the country’s economic influence throughout the world. It has been alleged that China used information gathered from hackers to copy the C-17 aircraft that was developed by Boeing and used by the US military.

The DOJ revealed that the hacking group operated in a number of locations throughout China, but the city of Tianjin was specifically named as a hub for APT10. The two hackers are accused of working with the Tianjin bureau of China’s Ministry of State Security, the government’s intelligence agency. Zhu and Zhang have also been charged with wire fraud and identity theft. The two Chinese nationals named in the indictment still live in China, so there is very little chance that they will ever be prosecuted in the US.

In 2015, China had promised to stop stealing trade secrets and other confidential business information through computer hacking with the intent of providing competitive advantage to companies in the commercial sector. But the activity alleged in the new indictment clearly violates the commitment that China made to the United States, the G20, and the international community.
