Two state-sponsored hackers in China targeted US businesses in a “sophisticated and prolific threat” for more than 10 years, both for financial gain and to steal trade secrets, the Department of Justice said today.
The 11-count indictment (PDF), which was made public today, alleges Li Xiaoyu and Dong Jiazhi worked with China’s Ministry of State Security (MSS) and other agencies to hack into “hundreds of victim companies, governments, non-governmental organizations, and individual dissidents, clergy, and democratic and human rights activists in the United States and abroad.”
Li and Dong were allegedly infiltrating networks of businesses in a wide array of sectors, including “high tech manufacturing; civil, industrial, and medical device engineering; business, educational, and gaming software development; solar energy; and pharmaceuticals,” as well as defense contractors, since at least September 2009. In recent months, prosecutors allege, the two were seeking ways in to “the networks of biotech and other firms publicly known for work on COVID-19 vaccines, treatments, and testing technology” in at least 11 countries, including the US.
The indictment does not name the firms in question, only saying that “on or about January 25 and 27,” Li was trying to break into networks at a Maryland biotech firm and a Massachusetts biotech firm, both of which were publicly known by that point to be working on COVID-19 vaccines. Matching up the timelines, the targets seem to have been Novavax, based in Gaithersburg, Maryland, and Moderna, based in Cambridge, Massachusetts.
In addition to several instances when the pair were allegedly working with MSS and other government entities, Li and Dong were also trying to make some money on the side, the indictment alleges. “At least once, they returned to a victim from which they had stolen valuable source code to attempt an extortion—threatening to publish on the internet, and thereby destroy the value of, the victim’s intellectual property unless a ransom was paid.”
Assistant Attorney General for National Security John C. Demers said in a written statement:
China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being “on call” to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research.
Russia, too, stands accused of trying to steal COVID-19-related trade secrets from other nations. On Friday, the National Security Agency and its UK and Canada counterparts said hackers linked to Russian intelligence were attempting to break into organizations that are working on potential vaccines for COVID-19. (Russia denied the allegations.)
The bigger picture
Tensions between China and the United States have been running high since 2017, particularly when it comes to technology, hacking, and national security.
This is not the first time this year the DOJ has indicted Chinese nationals for alleged high-profile hacking activity inside the US. Back in February, the DOJ said state-sponsored hackers in China were responsible for the 2017 Equifax breach, arguably the worst-ever leak of US individuals’ private data.
The Trump administration is considering a ban on TikTok and other apps owned by China-based companies, Secretary of State Mike Pompeo said earlier this month. The administration is also enforcing bans on equipment made by China-based firms Huawei and ZTE, as well as sanctions preventing US companies from exports to both companies, citing national security concerns.