U.S. prosecutors announced criminal charges on Wednesday against five suspected Chinese hackers and two Malaysian businessmen in connection with cyber intrusions in recent years on more than 100 companies and other entities in the United States and in other countries.
The alleged hacking effort, from early 2014 until August 2020, targeted thousands of computers around the world, including the computer networks of several companies in the $1 billion video gaming industry, resulting in millions of dollars in losses, law enforcement officials said.
The five hackers, alleged members of a Chinese hacking group known as APT-41, remain at large. They were identified as Zhang Haoran, 35; Tan Dailin, 35; Jiang Lizhi, 35; Qian Chuan, 39; and Fu Qiang, 37.
The two Malaysian businessmen -- Wong Ong Hua, 46, and Ling Yang Ching, 32 – were arrested in Malaysia on Sunday. The U.S. is seeking their extradition, a process that could take months. The duo is accused of conspiring with two of the Chinese hackers to sell video game currency and other items stolen from video game developers in the United States, France, Japan, Singapore and South Korea.
The three other suspects face charges of hacking the computer networks of more than 100 companies, organizations, and individuals in the United States and around the world, including Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam.
In addition, the three men allegedly compromised government computer networks in India and Vietnam and unsuccessfully attempted to penetrate government networks in Britain, according to an indictment.
The seven men were charged in three indictments handed down in August 2019 and August 2020 and unsealed on Wednesday.
Cybersecurity experts have long identified the APT-41 hacking group as one of the most prolific Chinese threat actors in cyberspace. The hacking group’s activities date back to 2012 when its members targeted the video game industry before moving to traditional espionage, likely at the behest of the Chinese government, John Hultquist, senior director of analysis at cybersecurity firm FireEye’s Mandiant Threat Intelligence group.
“This is a unique actor, who carries out global cyber espionage while simultaneously pursuing a criminal venture,” Hultquist said.
U.S. officials said that while the hacking operation was not state sponsored, it had the tacit approval of the Chinese government.
In one case, “one of the Chinese defendants is accused of boasting to a colleague that he was ‘very close’ to the Ministry of State Security and would be protected ‘unless something very big happens,’” said Deputy Attorney General Jeffrey Rosen. “The hacker and his associate agreed not to ‘touch domestic stuff anymore.’”
Announcing the charges at a virtual press conference, Rosen and other top law enforcement officials called out China for facilitating cybercrime.
“The Department of Justice has used every tool available to disrupt the illegal computer intrusions and cyberattacks by these Chinese citizens,” Rosen said. “Regrettably, the Chinese communist party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China.”
In addition to charging the seven men, U.S. authorities said they seized hundreds of accounts, servers, domain names, and command-and-control (C2) “dead drop” web pages used by the defendants to conduct their computer intrusion offenses.
The indictments are the latest in a series of charges against suspected Chinese hackers and come amid growing tensions between the U.S. and China over the coronavirus pandemic, trade, and Hong Kong. In July, a federal grand jury indicted two suspected Chinese hackers with a “global computer intrusion campaign” that lasted 10 years and targeted hundreds of entities, including governments, non-governmental organizations and companies developing coronavirus vaccines and treatments. As with the APT-41 hackers, the two hackers in that case were accused of stealing intellectual property for their own personal financial gain as well as for the benefit of the Chinese government.
U.S. President Donald Trump has repeatedly blamed China for the spread of the coronavirus and top administration officials have publicly accused China of cyber-intrusions and other alleged misbehavior on the global stage in support of its strategic objectives.
In July, Attorney General William Barr accused China of engaging in an “economic blitzkrieg” to supplant the United States as the world’s only superpower, and he warned U.S. businesses not to bow to Chinese pressure in pursuit of profit.
China has long rejected the U.S. accusations.
US Charges 5 Chinese, 2 Malaysians in Global Computer Intrusion Campaign
update