Two Chinese nationals, Li Xiaoyu and Dong Jiazhi, have been charged with spying for the Chinese government for more than ten years.
The indictment is an 11-count charge, which includes conspiracy to steal trade secrets, fraud, and other offenses. Li and Dong changed file names, hid programs and documents in specific locations, and accessed victims’ systems through the use of RAR files.
The indictment alleges a conspiracy to steal trade secrets, source code, pharmaceutical chemical structures, technology designs, test mechanisms and results, and manufacturing processes from eight victims.
The accused nationals perpetrated the acts both for personal gain and for their country, China. Their victims include targets in South Korea, Germany, the Netherlands and the United Kingdom, as well as non-governmental organizations, clergy, companies, human rights activists and dissidents in the United States.
Their point of entry was vulnerabilities in software (including web server applications, web application development suites, and software collaboration programs); exploiting these vulnerabilities gave them access to data.
In other cases, they leveraged recently published flaws.
Stolen data were relayed to the Chinese Ministry of State Security (MSS).
Li and Dong had the help of an unnamed MSS official.
While fulfilling the MSS’s needs, the two Chinese nationals also stole valuable information: data on counter-chemical weapons systems, ship-to-helicopter integration systems, military satellite programs, and wireless networks and communications systems.
The hackers stole millions of dollars’ worth of secrets and intellectual property, and also held some of the stolen data for ransom.
Because of their value to the MSS’s intelligence gathering, the hackers were given haven in China while coordinating attacks on victims.
According to a statement released by the DoJ, “Li and Dong targeted a broad range of industries, including high-tech manufacturing, engineering, software, solar energy, pharmaceuticals, and defense. Recently, they targeted the networks of organizations developing COVID-19 vaccines, testing technology, and treatments.” They supplied victims’ data to the MSS.
The DoJ says, “such information would give competitors a market edge by providing insight into proprietary business plans and savings on research and development costs in creating competing products.”
The indictment further details the stolen data (the type of data, the organization it was stolen from, when it was stolen, etc.).
It also accuses them of using the China Chopper web shell to maintain access to compromised environments, placing it on victims’ networks and even password-protecting the web shells. (China Chopper is a web shell tool used by Chinese hackers.)
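A web shell such as the one named above is, at the file level, just an unexpected script in a directory the web server executes. One defensive check that catches that class of implant is to hash the web root at deploy time and compare it later. The script below is an added illustration written for this article; it is not code from the indictment, the DoJ, or any of the parties. The script extension list, directory layout and file contents are constructed sample values, not indicators from the case.

```python
"""
Defensive web-root integrity check (illustration added here, not from the
article or the indictment). A known-good manifest of file hashes is taken
at deployment; a later audit reports scripts that were never deployed,
files whose content changed, and files that disappeared. Sample directory
contents below are constructed for the demo.
"""
import hashlib
import os
import tempfile

# Extensions the web server would execute. The set is an assumption for this
# demo; use the handlers your own server actually maps.
SCRIPT_EXTENSIONS = {".php", ".asp", ".aspx", ".jsp", ".jspx"}


def sha256_of(path):
    """Stream a file through SHA-256 so large assets do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(web_root):
    """Map each file's path (relative, forward slashes) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            manifest[rel] = sha256_of(full)
    return manifest


def audit_web_root(web_root, manifest):
    """Return (unknown_scripts, modified_files, missing_files) as sorted lists."""
    current = build_manifest(web_root)
    unknown_scripts = sorted(
        rel for rel in current
        if rel not in manifest
        and os.path.splitext(rel)[1].lower() in SCRIPT_EXTENSIONS
    )
    modified = sorted(
        rel for rel, digest in current.items()
        if rel in manifest and manifest[rel] != digest
    )
    missing = sorted(rel for rel in manifest if rel not in current)
    return unknown_scripts, modified, missing


def demo():
    """Constructed scenario: deploy, record a manifest, then simulate changes."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads"))
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php echo 'hello'; ?>\n")
        with open(os.path.join(root, "uploads", "logo.png"), "wb") as fh:
            fh.write(b"\x89PNG constructed sample\n")
        manifest = build_manifest(root)  # taken at deployment time

        # Simulated post-deployment changes: a script nobody deployed shows up
        # in the upload directory, and a deployed page is altered.
        with open(os.path.join(root, "uploads", "img.aspx"), "w") as fh:
            fh.write("<!-- constructed placeholder file, no real content -->\n")
        with open(os.path.join(root, "index.php"), "a") as fh:
            fh.write("// appended line\n")

        return audit_web_root(root, manifest)


if __name__ == "__main__":
    unknown, changed, gone = demo()
    print("unknown scripts:", unknown)
    print("modified files :", changed)
    print("missing files  :", gone)
```

Store the manifest off the web host (an attacker who can drop a file can also edit a manifest kept beside it), and run the audit from a scheduled job or your EDR rather than from the web application itself. The check only sees files on disk; it complements, rather than replaces, reviewing web server access logs for requests to paths that were never part of the application.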
The Assistant Attorney General for National Security, John C. Demers, expressed his disappointment in the Chinese government: “China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provide a haven for cybercriminals in exchange for those criminals being ‘on-call’ to work for the benefit of the state, here to feed the Chinese Communist Party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research.”