The US Justice Department has charged five Chinese citizens with hacks targeting more than 100 companies and institutions in the United States and elsewhere, including social media and video game companies as well as universities and telecommunications providers, officials said Wednesday.
The hackers also targeted non-profit organizations, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.
The five defendants remain fugitives, but prosecutors say two Malaysian businessmen accused of conspiring with the alleged hackers to profit off the attacks on video game companies were arrested in that country this week and face extradition proceedings.
The indictments announced Wednesday are part of a broader effort by the Trump administration to call out cybercrimes by China. In July, prosecutors accused hackers of working with the Chinese government to target firms developing vaccines for the coronavirus and stealing hundreds of millions of dollars worth of intellectual property and trade secrets from companies across the world.
The DOJ said the intrusions, which security researchers have tracked using the threat labels “APT41,” “Barium,” “Winnti,” “Wicked Panda,” and “Wicked Spider,” facilitated the theft of source code, software code signing certificates, customer account data, and valuable business information.
These intrusions also facilitated the defendants’ other criminal schemes, including ransomware and “crypto-jacking” schemes, the latter of which refers to the group’s unauthorized use of victim computers to “mine” cryptocurrency.
“The department of Justice has used every tool available to disrupt the illegal computer intrusions and cyberattacks by these Chinese citizens,” said Deputy Attorney General Jeffrey A. Rosen. “Regrettably, the Chinese communist party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China.”
“Today’s charges, the related arrests, seizures of malware and other infrastructure used to conduct intrusions, and coordinated private sector protective actions reveal yet again the department’s determination to use all of the tools at its disposal and to collaborate with the private sector and nations who support the rule of law in cyberspace,” said Assistant Attorney General John C. Demers. “This is the only way to neutralize malicious nation state cyber activity.”