By Raphael Satter and Christopher Bing
WASHINGTON (Reuters) – The U.S. Justice Department on Tuesday indicted two Chinese nationals over their role in what the agency called a decade-long cyber espionage campaign that targeted defense contractors, COVID researchers and hundreds of other victims worldwide.
U.S. authorities said Li Xiaoyu and Dong Jiazhi stole terabytes of weapons designs, drug information, software source code, and personal data from targets that included dissidents and Chinese opposition figures. They were contractors for the Chinese government, rather than full-fledged spies, U.S. officials said.
U.S. Assistant Attorney General for National Security John Demers said at a virtual press conference the hackings showed China “is willing to turn a blind eye to prolific criminal hackers operating within its borders.”
“In this manner, China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provides safe haven for cybercriminals in exchange for those criminals being on call for the benefit of the state.”
Messages left with several accounts registered under Li’s digital alias, oro0lxy, were not immediately returned. Contact details for Dong were not immediately available.
The Chinese Embassy in Washington referred Reuters to recent Chinese Foreign Ministry comments that “China has long been a major victim of cyber thefts and attacks” and its officials “firmly oppose and fight” such activities.
The indictment mostly did not name any companies or individual targets, but U.S. Attorney William Hyslop, who spoke alongside Demers, cited “hundreds and hundreds of victims in the United States and worldwide.” Officials said the probe was triggered when the hackers broke into a network belonging to the Hanford Site, a decommissioned U.S. nuclear complex in eastern Washington state, in 2015.
Li and Dong were “one of the most prolific group of hackers we’ve investigated,” said FBI Special Agent Raymond Duda, who heads the agency’s Seattle field office.
A July 7 indictment made public on Tuesday alleges that Li and Dong were contractors for China’s Ministry of State Security, or MSS, a comparable agency to the U.S. Central Intelligence Agency. The MSS, prosecutors said, supplied the hackers with information into critical software vulnerabilities to penetrate targets and collect intelligence. Targets included Hong Kong protesters, the office of the Dalai Lama and a Chinese Christian non-profit.
As early as Jan. 27, as the coronavirus outbreak was coming into focus, the hackers were trying to steal COVID-19 vaccine research of an unidentified Massachusetts biotech firm, the indictment said.
It is unclear whether anything was stolen but one expert said the allegation shows the “extremely high value” that governments such as China placed on COVID-related research.
“It is a fundamental threat to all governments around the world and we expect information relating to treatments and vaccines to be targeted by multiple cyber espionage sponsors,” said Ben Read, a senior analyst at cybersecurity company FireEye.
He noted that the Chinese government had long relied on contractors for its cyberspying operations.
“Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations,” Read said.
(Reporting by Chris Sanders; Editing by Chizu Nomiyama and Richard Chang)