The Justice Department has unsealed a damning indictment that links to spies working for the Chinese government an aggressive campaign to hack into U.S. tech and industry giants.
The indictment, out Thursday, accuses China’s main intelligence agency — the Ministry of State Security — of hacking into dozens of tech companies and government departments, largely in an effort to steal intellectual property. Prosecutors said the hackers were part of a Beijing-backed group, dubbed APT10, which various security companies had previously linked to China.
Zhu Hua and Zhang Shilong, both nationals and residents of China, were charged with three counts each of computer hacking, conspiracy to commit wire fraud and aggravated identity theft.
None of the companies were named, but noted that the hackers targeted and “stole hundreds of gigabytes of sensitive data” in aviation, space and satellite technology, manufacturing, pharmaceutical and oil and gas exploration, as well as from communications and computer processor firms and maritime technology companies.
Only the NASA Goddard Space Center and the space agency’s Jet Propulsion Lab were named in the filing.
The indictment also said the hackers stole personally identifiable information — including names, dates of birth, email addresses, salary information and Social Security numbers — on more than 100,000 U.S. Navy personnel.
The hackers used spearphishing — or highly targeted phishing campaigns — to install malware using malicious Microsoft Word documents and steal data from targeted computers, the indictment reads. Others used keyloggers to steal usernames and passwords to break into employees’ accounts.
“We want China to cease illegal cyber activities and honor its commitment to the international community, but the evidence suggests that China may not intend to live up to its promises.” said U.S. deputy attorney general Rod Rosenstein, in remarks at the Justice Department in Washington, DC.
The latest indictments come as tensions between the U.S. and China have increased following the arrest of Huawei’s chief financial officer Meng Wanzhou in Canada, after being accused of fraud by the U.S. She faces up to 30 years in prison if found guilty.
Prosecutors said that China was conducting its “extensive” hacking campaign over the last three years. With this indictment, the Trump administration has effectively scrubbed an Obama-era bilateral agreement, signed by President Obama and China’s premier Xi Jinping in 2015, under which the two countries agreed not to launch hostile cyberattacks and espionage.
Dmitri Alperovitch, chief technology officer at CrowdStrike, which has tracked APT10 in recent years, called the Justice Department’s move “unprecedented and encouraging” to take action against China.
“Today’s announcement of indictments against Ministry of State Security (MSS), whom we deem now to be the most active Chinese cyber threat actor, is another step in a campaign that has been waged to indicate to China that its blatant theft of IP is unacceptable and will not be tolerated,” he said. “While this action alone will not likely solve the issue and companies in US, Canada, Europe, Australia and Japan will continue to be targeted by MSS for industrial espionage, it is an important element in raising the cost and isolating them internationally.”
The U.K. government also said in a statement that it is “holding responsible elements of the Chinese government for an extensive cyber campaign.”
“The National Cyber Security Centre assesses with the highest level of probability that the group widely known as APT10 is responsible for this sustained cyber campaign focused on large-scale service providers,” said a statement from the U.K.’s Foreign Office. “The group almost certainly continues to target a range of global companies, seeking to gain access to commercial secrets.”
U.K. Foreign Secretary Jeremy Hunt called the hacking campaign “one of the most significant and widespread cyber intrusions against the UK and allies uncovered to date.”
Several other allied nations, including Japan and Australia, are expected to release statements to support the U.S. indictment.
Prosecutors conceded that prosecutions are unlikely, given that the named hackers are Chinese residents and extraditions are rare. Thursday’s indictment represents the department’s latest in “name and shame” charges, designed to instead restrict the international travels of those named in the filing but also send a warning to others.
“We hope the day will come when the defendants face justice under the rule of law in a federal courtroom,” said Rosenstein.
China has long rebuffed complaints from other nations accusing it of cyberattacks and espionage, but didn’t immediately comment on Thursday’s indictment.