U.S. Says China Hackers Stole Secrets, Sought Virus Data

(Bloomberg) – The U.S. accused two Chinese hackers of working for Beijing to steal or try to steal terabytes of data, including coronavirus research, from Western companies in 11 nations — the second time in a week a foreign nation has been singled out for vaccine-related hacking.

The Justice Department released an indictment Tuesday against the individuals, whom it identified as Li Xiaoyu and Dong Jiazhi. It said that the two men were assisted by China’s Ministry of State Security and that defense contractors and weapons systems were hacked along with medical research.

“Li and Dong, former classmates at an electrical-engineering college in Chengdu, China, used their technical training to hack the computer networks of a wide variety of victims,” according to the indictment. “The defendants stole hundreds of millions of dollars’ worth of trade secrets, intellectual property, and other valuable business information.”

Rising Tensions

The accusations threaten to escalate tensions even further between the U.S. and Beijing — over China’s treatment of Hong Kong, the origins of the Covid-19 pandemic, claims in the South China Sea and the future of next-generation 5G technology. Intellectual-property theft concerns have long been a source of strain between the two powers.

“China is providing a safe haven” for hackers working for personal profit and the state’s interests, John Demers, head of the Justice Department’s National Security Division, said at a press conference Tuesday. Cyber intrusions are part of the country’s “rob, replicate and replace strategy to technological development,” he said.

Demers declined to specify whether the hackers were successful in stealing coronavirus research. But he said the U.S. is concerned that attacks against companies working on Covid-19 research could slow down their efforts, or result in data being manipulated.

The indictment doesn’t name specific companies or institutions that were targeted, but does provide some identifying information — such as where they are located and when the attacks took place. For example, between January and February 2020, Li Xiaoyu searched for vulnerabilities in computer networks of firms in Massachusetts, Maryland, and California that were researching Covid-19 vaccines and antiviral drugs.

The U.S. knows the identity of Chinese officials who aided the hackers but declined to indict them at this time, Demers said.

Asked for a reaction, officials at China’s embassy in Washington pointed to comments made by Hua Chunying, a spokesperson for the country’s foreign ministry, on July 17.

“We keep stressing that China is a staunch defender of cybersecurity,” Hua said at the time. “China has long been a major victim of cyber thefts and attacks. Our position on cybersecurity issues is consistent and clear. We firmly oppose and fight all forms of cyber attacks and thefts.”

According to the Justice Department, companies targeted by the hackers were based in the U.S., Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, South Korea, Spain, Sweden and the U.K. The hackers had been carrying out attacks for over a decade, according to the department's statement.

Source Code

“The indictment charges the defendants with conspiring to steal trade secrets from at least eight known victims, which consisted of technology designs, manufacturing processes, test mechanisms and results, source code, and pharmaceutical chemical structures,” according to the statement.

Such information would give “a market edge by providing insight into proprietary business plans and savings on research and development costs in creating competing products,” the Justice Department said.

The FBI had previously warned that Chinese hackers were targeting Covid-19 research organizations in an effort to obtain data related to vaccines, treatments and testing.

And last week, cybersecurity agencies from the U.S., U.K., and Canada accused a Russian government-linked hacker group of trying to steal Covid-19 vaccine research. Known as APT29 or Cozy Bear, it had developed malware and exploited known security vulnerabilities in an effort to break into computers used by organizations working on the vaccine, according to the agencies. Russia has rejected those accusations.