US charges ‘China government hackers’
The US justice department has indicted two Chinese men accused of hacking into the computer networks of companies and government agencies in Western countries.
The pair are allegedly part of a “hacking group” known as Advanced Persistent Threat 10, affiliated with China’s main intelligence service.
They have not been arrested.
The US and UK have accused China of violating an agreement relating to commercial espionage.
Zhu Hua and Zhang Shilong worked for a company called Huaying Haitai and in association with the Chinese Ministry of State Security, the US court filing says.
The Federal Bureau of Investigation (FBI) said that from at least 2006 until 2018, the two extensively hacked into computer systems with the aim of stealing intellectual property and confidential business and technological information from:
- at least 45 commercial and defence technology companies in at least 12 US states
- managed service providers (MSPs) and their government and commercial clients in at least 12 countries, including the UK, Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, and the UAE, as well as the US
- US government agencies
The FBI said they had also hacked into US Navy computer systems and stolen the personal information of more than 100,000 personnel.
FBI director Christopher Wray said the two men were at present “beyond US jurisdiction”.
Announcing the unsealing of the indictments, US Deputy Attorney General Rod Rosenstein said China had violated a 2015 agreement under which it had pledged to not engage in commercial cyber-spying.
Mr Rosenstein said his department’s move had been co-ordinated with US allies in Europe and Asia to rebuff “China’s economic aggression”.
He added: “We want China to cease its illegal cyber activities.”
The UK government said it was joining allies in holding the Chinese government responsible for a global campaign targeting commercial secrets.
UK Foreign Secretary Jeremy Hunt said: “This campaign is one of the most significant and widespread cyber intrusions against the UK and allies uncovered to date, targeting trade secrets and economies around the world.
“These activities must stop. They go against the commitments made to the UK in 2015, and, as part of the G20, not to conduct or support cyber-enabled theft of intellectual property or trade secrets.”
‘Chinese hackers return’
By Gordon Corera, security correspondent
This is the latest salvo in Washington’s attempt to pressure Beijing on a range of issues, with economic espionage one of the most high-profile.
US and UK officials are reluctant to name the companies that have been hit but they say the economic damage has been significant.
The hackers, officials say, work under the direction of China’s Ministry of State Security – one of the country’s intelligence organisations.
“It is organised more like a corporation than a gang,” one UK official says, adding that British intelligence has the highest level of confidence in their assessment of who was responsible.
The UK and US believe China is breaking a 2015 agreement not to steal commercial data to help its companies. There was a dip in activity after the deal was signed (which followed a period of pressure by Washington, including the indictment of Chinese military hackers and the threat of sanctions).
But US and UK sources both say that recently they have seen Chinese hackers return, now operating more stealthily, whereas in the past they were easier to spot.
Where the US has been vocal in recent months, this is the first time the UK has spoken out – perhaps because it has been concerned about risking trade ties and getting pulled into the Trump administration’s broader confrontation with Beijing.
UK officials say they have raised the matter privately a number of times with Beijing over the last two years, including during the prime minister’s visit earlier this year, and officials are keen to stress that they think the relationship with China is strong enough to allow them to address these issues without causing wider problems.