Justice Department charges four members of Chinese government hacking group
The Justice Department on Monday announced charges against four Chinese nationals, accusing the men of being part of a hacking group that attacked “businesses, universities and government entities in the United States and abroad between 2011 and 2018.”
According to a DOJ statement, a federal grand jury in San Diego returned the indictment against the four in May; it was unsealed on Friday.
The indictment states that Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin were officers of the Hainan State Security Department (HSSD), a provincial arm of China’s Ministry of State Security (MSS), who worked covertly through a front company called Hainan Xiandun Technology Development Co., Ltd.
The purpose of the operation, according to the Justice Department, was to steal information from foreign companies that would benefit companies in China. The DOJ said the hackers were specifically looking “for information that would bypass lengthy and resource-intensive research and development processes.”
Operating out of Haikou, Hainan Province, the three are accused of “coordinating, facilitating, and managing hackers and linguists in Hainan Xiandun and other MSS front companies.”
Wu Shurong was also indicted; he is accused of creating malware, helping the other three break into computer systems, and supervising other hackers at Hainan Xiandun.
The DOJ noted that the group attacked companies in the United States, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland, the United Kingdom, Austria, Cambodia, Canada and Germany. Most of the attacks targeted organizations working in defense, education, healthcare, biopharmaceuticals and aviation.
“Stolen trade secrets and confidential business information included, among other things, sensitive technologies used for submersibles and autonomous vehicles, specialized chemical formulas, commercial aircraft maintenance, proprietary gene-sequencing technology and data, and foreign information to support China’s efforts to secure contracts for state-owned enterprises within the targeted country (for example, large-scale high-speed railway development projects),” the Justice Department statement said.
“At research institutes and universities, the conspiracy targeted infectious-disease research related to Ebola, MERS, HIV/AIDS, Marburg and tularemia.”
The indictment also alleges that staff and professors at universities in Hainan and elsewhere in China worked with the country’s Ministry of State Security to support the attacks.
Deputy Attorney General Lisa Monaco said the charges highlighted that China continues to use cyber attacks to steal from other countries, calling the government’s conduct a “blatant disregard for its bilateral and multilateral commitments.”
“The scale and duration of China’s hacking campaigns, including those efforts targeting a dozen countries in sectors ranging from healthcare and biomedical research to aviation and defense, remind us that no country or industry is safe,” Monaco said.
The DOJ noted that several cybersecurity companies have chronicled the group’s activities under a variety of names over the years, including Advanced Persistent Threat (APT) 40, BRONZE MOHAWK, FEVERDREAM, G0065, Gadolinium, GreenCrash, Hellsing, Kryptonite Panda, Leviathan, Mudcarp, Periscope, TEMP.Periscope and TEMP.Jumper.
The indictment lists the variety of techniques used to break into corporate systems, detailing how the group used spear-phishing emails, stolen credentials and other methods.
“The conspiracy also used multiple and evolving sets of sophisticated malware, including publicly available and custom malware, to gain, expand and maintain unauthorized access to victim computers and networks,” the indictment says.
“The malware used by the conspiracy included those identified by security researchers as BADFLICK, aka GreenCrash; PHOTO, aka Derusbi; MURKYTOP, aka mt.exe; and HOMEFRY, aka dp.dll. This malware enabled initial and continued intrusions into victim systems, lateral movement within a system, and theft of credentials, including administrator passwords.”
The indictment notes that the hackers used anonymization services, Dropbox application programming interface (API) keys and GitHub in the course of their attacks.
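A hunting check for the infrastructure pattern named above, as an added example that is not from the article, the indictment or the joint advisory: it parses constructed proxy log lines and flags internal hosts that push large volumes to the Dropbox API, or that pair a raw GitHub download with Dropbox API traffic. The log layout, the watched hostnames, the sanctioned-host allowlist and the byte threshold are all assumptions made for the example.

```python
"""Hunt proxy logs for Dropbox API traffic paired with GitHub raw-content
downloads. Added example; the log format, watched hosts, allowlist and
threshold are assumptions, not from the page or the advisory."""
import re
from collections import defaultdict

# Assumed proxy log layout (constructed for this example):
#   <timestamp> <src_ip> <method> <host>:<port> <status> <bytes_out> <bytes_in>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<host>[^:\s]+):(?P<port>\d+) "
    r"(?P<status>\d{3}) (?P<bytes_out>\d+) (?P<bytes_in>\d+)$"
)

# Destinations worth watching, grouped by service (assumed, not from the page).
WATCHED_DESTINATIONS = {
    "api.dropboxapi.com": "dropbox-api",
    "content.dropboxapi.com": "dropbox-api",
    "raw.githubusercontent.com": "github-raw",
}

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2021-07-12T09:14:03Z 10.20.1.15 CONNECT api.dropboxapi.com:443 200 1420 887
2021-07-12T09:14:05Z 10.20.1.15 CONNECT content.dropboxapi.com:443 200 52428800 640
2021-07-12T09:20:11Z 10.20.1.15 CONNECT raw.githubusercontent.com:443 200 310 98304
2021-07-12T09:31:44Z 10.20.4.7 CONNECT content.dropboxapi.com:443 200 20971520 640
2021-07-12T10:02:19Z 10.20.9.3 CONNECT github.com:443 200 1800 4096
2021-07-12T10:05:00Z 10.20.1.15 CONNECT api.dropboxapi.com:443 200 9830400 512
"""


def parse_proxy_log(text):
    """Parse log text into dicts; lines that do not match the layout are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        for k in ("port", "status", "bytes_out", "bytes_in"):
            e[k] = int(e[k])
        events.append(e)
    return events


def bytes_out_by_service(events):
    """Map src_ip -> {service: total client-to-server bytes} for watched hosts only."""
    totals = defaultdict(lambda: defaultdict(int))
    for e in events:
        service = WATCHED_DESTINATIONS.get(e["host"].lower())
        if service:
            totals[e["src"]][service] += e["bytes_out"]
    return totals


def find_suspicious_sources(events, sanctioned_sources, upload_threshold):
    """Return {src_ip: [reasons]} for sources matching either rule:
    1. an unsanctioned source sends >= upload_threshold bytes to the Dropbox API;
    2. a source both pulls from raw.githubusercontent.com and talks to the
       Dropbox API (tool staging followed by API-keyed exfiltration)."""
    findings = defaultdict(list)
    for src, per_service in bytes_out_by_service(events).items():
        dropbox_bytes = per_service.get("dropbox-api", 0)
        if src not in sanctioned_sources and dropbox_bytes >= upload_threshold:
            findings[src].append(
                f"{dropbox_bytes} bytes sent to dropbox-api from unsanctioned host"
            )
        if "github-raw" in per_service and "dropbox-api" in per_service:
            findings[src].append("github-raw download paired with dropbox-api traffic")
    return dict(findings)


if __name__ == "__main__":
    hits = find_suspicious_sources(parse_proxy_log(SAMPLE_LOG), {"10.20.4.7"}, 1 << 20)
    for src, reasons in hits.items():
        print(src, "->", "; ".join(reasons))
```

The allowlist is what keeps this usable: a host that legitimately syncs to Dropbox (here 10.20.4.7, by assumption) clears rule 1, while the staging-plus-exfiltration shape in rule 2 still fires for any host, sanctioned or not.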
The four defendants were charged with one count of conspiracy to commit computer fraud and one count of conspiracy to commit economic espionage. Together, the two counts carry a maximum sentence of 20 years in prison.
Acting US Attorney Randy Grossman tied the indictment to the broader announcements made on Monday, in which dozens of countries accused China of a massive hacking campaign.
Grossman said the indictment “shows how the Chinese government has made a deliberate choice to cheat and steal instead of innovate,” while claiming that these actions threaten the US economy and national security.
The FBI and CISA issued an advisory designed to help organizations defend against some of the tactics used by the four indicted hackers. The Joint Cybersecurity Advisory contains “technical details, indicators of compromise and mitigation measures.”
“The charges announced today demonstrate China’s continued and persistent computer-intrusion efforts, which will not be tolerated here or abroad,” said Special Agent in Charge Suzanne Turner of the FBI’s San Diego Field Office.
“We remain steadfast with our law enforcement partners in the United States and around the world and will continue to hold accountable those who commit economic espionage and intellectual property theft.”