A U.S. grand jury has indicted two hackers affiliated with China’s Ministry of State Security for a 10-year global campaign in which they broke into computer systems of hundreds of companies, and recently targeted firms researching a coronavirus vaccine, the Justice Department said Tuesday.
The 11-count indictment alleges Li Xiaoyu, 34, and Dong Jiazhi, 33, stole terabytes of data over a decade from high technology companies in the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom.
The charges are the latest in a series of Trump administration actions targeting China, ranging from sanctions over China’s imposition of harsh security laws in Hong Kong and over human rights abuses against Muslim Uyghurs in Xinjiang to public denunciations of Chinese territorial claims in the South China Sea.
The pair from Chinese Ministry of State Security (MSS) and the Guangdong State Security Department (GSSD), also allegedly targeted non-governmental organizations, dissidents, clergy, and democratic and human rights activists in the United States, Hong Kong and China, said the grand jury in Spokane, Washington.
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state,” said Assistant Attorney General for National Security John C. Demers.
Hackers like Li and Dong work to “feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” Demers added as he announced the charges.
“Today’s indictment demonstrates the serious consequences the Chinese MSS and its proxies will face if they continue to deploy malicious cyber tactics to either steal what they cannot create or silence what they do not want to hear,” said FBI Deputy Director David Bowdich.
“The FBI and our international partners will not stand idly by to this threat, and we are committed to holding the Chinese government accountable,” he added.
Li and Dong cast their net widely to allegedly steal data from high-tech manufacturing, industrial engineering, solar energy, pharmaceuticals and defense. Recently, they probed computer networks of companies developing COVID-19 vaccines, testing technology, and treatments, the indictment said.
U.S. Attorney William D. Hyslop for the Eastern District of Washington, said the hacking was first detected at the Department of Energy’s Hanford Site in eastern Washington.
“The hackers operated from China both for their own gain and with the assistance and for the benefit of the Chinese government’s Ministry of State Security,” he said.
Michael McCaul, lead Republican of the House Foreign Affairs Committee, hailed the indictments as “a powerful message to those who are intent on exploiting this pandemic: We will identify you and we will prosecute you.”
“The CCP has been hacking U.S. companies and the U.S. government for years in what FBI Director Wray has called ‘one of the largest transfers of wealth in human history.’ Today, we made it clear these actions will not be tolerated,” said McCaul.
The two hackers, who are not in U.S. custody, were charged with computer fraud, conspiracy to commit theft of trade secrets, conspiracy to commit wire fraud, unauthorized access of a computer, and aggravated identity theft. The offenses carry penalties from two years to 20 years in prison.