Chinese Hackers Indicted on 11 Counts, Including Attack on British AI Firm

Duo helped steal “terabytes” of facts from higher know-how firms

Two Chinese hackers have been indicted these days by the US Department of Justice (DOJ) for a prolific, eleven-calendar year world wide campaign that allegedly noticed them steal software program supply code, weapons layout content and pharmaceutical mental property.

Starting off in September 2009, via to July 2020, the two allegedly stole “terabytes” of delicate facts. Among the their most the latest alleged world wide victims: an unnamed Uk “Artificial Intelligence and cancer exploration firm”, dubbed “Victim 25”.

The eleven-count indictment alleges that LI Xiaoyu (李啸宇), 34, and DONG Jiazhi (董家志), 33 hacked a assortment of know-how industries in the Uk, US, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea and Sweden.

The two, who went to the very same higher education, exploited known software program vulnerabilities in common world wide web server software program, world wide web software growth suites, and software program collaboration programs.

See also: The Leading 10 Most Exploited Vulnerabilities

They then utilized a broad assortment of variants on the “China Chopper” world wide web shell to manipulate compromised world wide web servers into acting as network gateways, packaged victim facts in compressed RAR documents that they disguised as jpgs, and saved them in victim’s recycle bins for afterwards exfiltration, a DOJ indictment released these days reveals.

(The indictment is the most recent indication that western intelligence expert services are being ever more organised and bullish in conducting counter-intelligence get the job done that can guide to thorough, really public indictments with the prospective for political impression. The DOJ thanked the NSA and FBI for main the investigation).

US, Partners “will not stand idly by to this threat”

“Today’s indictment demonstrates the significant outcomes the Chinese MSS and its proxies will deal with if they continue on to deploy destructive cyber ways to either steal what they are unable to produce or silence what they do not want to hear,” mentioned FBI Deputy Director David Bowdich. “Cybercrimes directed by the Chinese government’s intelligence services… seriously undermine China’s want to grow to be a revered leader in globe affairs. The FBI and our global associates will not stand idly by to this menace, and we are dedicated to keeping the Chinese governing administration accountable.”

“The cybercrime hacking transpiring right here was to start with learned on computer systems of the Department of Energy’s Hanford Website in Japanese Washington” the DOJ mentioned.

“The laptop devices of lots of enterprises, persons and agencies throughout the United States and worldwide have been hacked and compromised with a huge array of delicate and valuable trade strategies, technologies, facts, and own information and facts being stolen.  The hackers operated from China each for their have gain and with the guidance and for the benefit of the Chinese government’s Ministry of State Security.”

Ben Read through, Senior Supervisor of Evaluation, Mandiant Danger Intelligence, observed: “This indictment demonstrates the exceptionally higher value that all governments, such as China, place on COVID-19 similar information and facts. It is a basic menace to all governments all-around the globe and we be expecting information and facts relating to treatments and vaccines to be focused by multiple cyber espionage sponsors.

He included: The Chinese governing administration has extended relied on contractors to perform cyber intrusions. Applying these freelancers permits the governing administration to obtain a broader array of talent, while also supplying some deniability in conducting these functions. The pattern explained in the indictment the place the contractors carried out some functions on behalf of their governing administration sponsors, while other individuals were being for their have gain is regular with what we have found from other China-nexus teams this kind of as APT41.”

Banner image demonstrates the Guangzhou facility the two allegedly worked from. Credit: DOJ

See also: Russian Malware Kingpin Named as Head of “Evil Corp” by NCA, FBI