US Indicts Hackers Working With China’s Ministry Of State Security

US Indicts Hackers Working With China’s Ministry Of State Security

Two hackers working with China’s Ministry of State Security were charged with hacking into computer systems of government organizations and companies in the United States and around the world, stealing terabytes of data in the process.

Chinese nationals and residents LI Xiaoyu (李啸宇 aka Oro0lxy), 34, and DONG Jiazhi (董家志), 33, were allegedly involved in a hacking campaign lasting more than ten years according to the Department of Justice’s Office of Public Affairs.

“From at least in or about September 1, 2009, and continuing through on or about July 7, 2020, in the Eastern District of Washington and elsewhere, the Defendants did knowingly conspire and agree with each other, and with others known and unknown to the Grand Jury including officers of the MSS and MSS Officer 1,” an indictment filed on July 7 and unsealed today says.

During this time, the two purportedly targeted companies and organizations from multiple countries including the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom.

They also supposedly targeted several including but not limited to high tech manufacturing (medical device, civil, and industrial engineering), business, educational, and gaming software, solar energy, pharmaceuticals, and defense.

According to the indictment, to gain initial access to victim networks, the defendants primarily exploited publicly known software vulnerabilities in popular web server software, web application development suites, and software collaboration programs. In some cases, those vulnerabilities were newly announced, meaning that many users would not have installed patches to correct the vulnerability. The defendants also targeted insecure default configurations in common applications. The defendants used their initial unauthorized access to place malicious web shell programs (e.g., the “China Chopper” web shell) and credential-stealing software on victim networks, which allowed them to remotely execute commands on victim computers. – DoJ

The two defendants were also often returned to previously hacked entities, attempting to compromise their systems once again, in some instances years after their first successful data theft attempt.

Their alleged victims include but are not limited to a Californian defense and tech firm, the Hanford Site of the US Department of Energy, a Massachusetts software firm, a Californian gaming company, multiple US pharmaceutical companies, several European gaming and software engineering companies, as well as defense contractors, engineering firms, and medical research firms.

“In at least one instance, the hackers sought to extort cryptocurrency from a victim entity, by threatening to release the victim’s stolen source code on the Internet,” a DoJ press release published today says. “More recently, the defendants probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments.”

Also read: 9 Policies For Security Procedures Examples

“LI and DONG did not just hack for themselves. While in some instances they were stealing business and other information for their own profit, in others they were stealing information of obvious interest to the PRC Govemment’s Ministry of State Security LI and DONG worked with, were assisted by, and operated with the acquiescence of the MSS, including MSS Officer 1, known to the Grand Jury, who was assigned to the Guangdong regional division of the MSS (the Guangdong State Security Department, “GSSD”),” the indictment says.

According to the indictment, the two defendants also provided the MSS with personal data including the email accounts of Chinese dissidents.

One of the MSS officers also helped Li and other hackers to compromise servers by providing them with “0day malware” designed to help them exploit a popular web browser.

The defendants are each charged with one count of conspiracy to commit computer fraud, which carries a maximum sentence of five years in prison; one count of conspiracy to commit theft of trade secrets, which carries a maximum sentence of ten years in prison; one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; one count of unauthorized access of a computer, which carries a maximum sentence of five years in prison; and seven counts of aggravated identity theft, which each carries a mandatory sentence of two non-consecutive years in prison. – DoJ

The MSS officers who worked with the defendants in a number of attacks worked for the GSSD at “Number 5, 6th Crossroad, Upper Nonglin Road. Yuexiu District, in Guangzhou [..].”

The two defendants purportedly targeted victims in the United States, Asia, Europe, and from around the world for years as Chinese residents for Ministry of State Security’s benefit as well as for their own personal gains according to the indictment.

“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” Assistant Attorney General for National Security John C. Demers said.

Also read: 7 Client Data Protection Tips to Keep Customers Safe