Nations pillory China for unleashing seamless cyber attacks

A federal grand jury in San Diego, California, returned an indictment in May charging four nationals and residents of the China with a campaign to hack into the computer systems of dozens of victim companies, universities and government entities in the United States and abroad between 2011 and 2018.

The indictment, which was unsealed on Friday, alleges that much of the conspiracy’s theft was focused on information that was of significant economic benefit to China’s companies and commercial sectors, including information that would allow the circumvention of lengthy and resource-intensive research and development processes.

The defendants and their Hainan State Security Department (HSSD) conspirators sought to obfuscate the Chinese government’s role in such theft by establishing a front company, Hainan Xiandun Technology Development Co., Ltd. (Hainan Xiandun), since disbanded, to operate out of Haikou, Hainan Province.

The two-count indictment alleges that Ding Xiaoyang Cheng Qingmin and Zhu Yunmin, were HSSD officers responsible for coordinating, facilitating and managing computer hackers and linguists at Hainan Xiandun and other MSS front companies to conduct hacking for the benefit of China and its state-owned and sponsored instrumentalities.

The indictment alleges that Wu Shurong was a computer hacker who, as part of his job duties at Hainan Xiandun, created malware, hacked into computer systems operated by foreign governments, companies and universities, and supervised other Hainan Xiandun hackers.

The conspiracy’s hacking campaign targeted victims in the United States, Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and the United Kingdom.

Targeted industries included, among others, aviation, defense, education, government, health care, biopharmaceutical and maritime.

Stolen trade secrets and confidential business information included, among other things, sensitive technologies used for submersibles and autonomous vehicles, specialty chemical formulas, commercial aircraft servicing, proprietary genetic-sequencing technology and data, and foreign information to support China’s efforts to secure contracts for state-owned enterprises within the targeted country (e.g., large-scale high-speed railway development projects).

At research institutes and universities, the conspiracy targeted infectious disease research related to Ebola, MERS, HIV/AIDS, Marburg and tularemia.

As alleged, the charged MSS officers coordinated with staff and professors at various universities in Hainan and elsewhere in China to further the conspiracy’s goals.

Not only did such universities assist the MSS in identifying and recruiting hackers and linguists to penetrate and steal from the computer networks of targeted entities, including peers at many foreign universities, but personnel at one identified Hainan-based university also helped support and manage Hainan Xiandun as a front company, including through payroll, benefits and a mailing address.

“These criminal charges once again highlight that China continues to use cyber-enabled attacks to steal what other countries make, in flagrant disregard of its bilateral and multilateral commitments,” said Deputy Attorney General Lisa O. Monaco.

“The breadth and duration of China’s hacking campaigns, including these efforts targeting a dozen countries across sectors ranging from healthcare and biomedical research to aviation and defense, remind us that no country or industry is safe. Today’s international condemnation shows that the world wants fair rules, where countries invest in innovation, not theft.”

“The FBI, alongside our federal and international partners, remains committed to imposing risk and consequences on these malicious cyber actors here in the U.S. and abroad,” said Deputy Director Paul M. Abbate of the FBI.

“We will not allow the Chinese government to continue to use these tactics to obtain unfair economic advantage for its companies and commercial sectors through criminal intrusion and theft. With these types of actions, the Chinese government continues to undercut its own claims of being a trusted and effective partner in the international community.”

“This indictment alleges a worldwide hacking and economic espionage campaign led by the government of China,” said Acting U.S. Attorney Randy Grossman for the Southern District of California. “The defendants include foreign intelligence officials who orchestrated the alleged offenses, and the indictment demonstrates how China’s government made a deliberate choice to cheat and steal instead of innovate.

These offenses threaten our economy and national security, and this prosecution reflects the Department of Justice’s commitment and ability to hold individuals and nations accountable for stealing the ideas and intellectual achievements of our nation’s best and brightest people.” 

Cyber hacking incidents by Chinese nationals were also reported from other corners of the world.

As per a Reuters news report, Japanese companies were targeted by a cyber hacking group called APT40, government spokesperson Katsunobu Kato said on Tuesday, adding "the Chinese government is highly likely" behind the attack.

New Zealand recently condemned China and accused the government of being responsible for hacking attacks.

Andrew Little, minister for the Government Communications Security Bureau (GCSB), said on Monday night that New Zealand had established links between Chinese state-sponsored actors and malicious cyber activity in New Zealand, reports The Guardian.

The Chinese Embassy in New Zealand has denied the charges.

"The accusation from the New Zealand side is totally groundless and irresponsible. China expresses strong dissatisfaction and firm opposition and has already lodged solemn representation with the NZ government," read the statement issued by the Chinese Embassy.

"The Chinese government is a staunch defender of cyber security and firmly opposes and fights all forms of cyber attacks and crimes in accordance with law. Given the virtual nature of cyberspace, one must have clear evidence when investigating and identifying cyber-related incidents. Making accusations without proof is malicious smear," read the statement.

The statement said: "Cyber security is a challenge faced by all countries. China always advocates countries to strengthen dialogue and cooperation on the basis of mutual respect, equality and mutual benefit，and address this challenge together. We urge the New Zealand side to abandon the Cold War mentality, adopt a professional and responsible attitude when dealing with cyber incidents, and work with others to jointly tackle the challenge through dialogue and cooperation，rather than manipulating political issues under the pretext of cyber security and mudslinging at others."

Norway even engaged in a battle with China over the cyber hacking issue.

Norway has accused China of a hack attack against Storting, the Norwegian parliament, that reportedly took place in March, Sputnik reported.

“It is a serious attack that affected our most important democratic institution,” Foreign Minister Ine Eriksen Søreide said, as quoted by national broadcaster NRK.

“Several of our allies, the EU and Microsoft have also confirmed this. The Chinese authorities must prevent such attacks from taking place, so that similar incidents do not happen again,” Søreide added.

“All cyber operations leave different forms of traces, and then it is, among other things, our security services that make assessments of that and compile that information. And on the basis of this information, the government has made an assessment that the attack originated from China,” Søreide said.