Photo: Castaneda Luis/AGF/UIG via Getty Images

The Department of Justice on Tuesday unsealed an indictment charging two individuals with working as hackers for the Ministry of State Security, China’s main civilian intelligence agency.

What we know: The campaign dates back to 2009 and targeted defense contractors, tech companies, dissidents —and, more recently, institutions involved in COVID-19 research.

  • The hackers stole terabytes of data and “hundreds of millions of dollars’ worth” of intellectual property and trade secrets, says the indictment.
  • Prosecutors say the hackers worked for the MSS as contractors, both freelancing for their own economic gain — in one case trying to extract a ransom payment from a victim company whose intellectual property the hackers had pilfered — as well as responding to specific tasking from MSS officials.

In one case, MSS officials provided the two contractors with a “zero day” exploit — that is, a previously unknown vulnerability — to hack into the network of Burmese human rights groups.

  • The campaign was truly global in scope, with victim companies in “the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, South Korea, Spain, Sweden, and the United Kingdom,” among other countries, say prosecutors.
  • According to the indictment, the hackers breached a breathtaking number of targets across many sectors, including a Department of Energy facility in Washington State; gaming companies in Europe; a Japanese medical device maker; an Australian defense firm; a U.S. educational company, where the hackers stole personally identifiable data from “millions” of students and teachers; and many other private companies.

Our thought bubble: Though the indictment provides a fascinating glimpse into the tactics, techniques and procedures of hackers affiliated with Chinese intelligence, it is unlikely to have much of a deterrent effect.

  • The hackers’ targets fall squarely within the established parameters of nation-state spying — especially China’s focus on economic espionage. China’s spies won’t simply stop spying because a few contractors got busted.

But the indictment could potentially throw a wrench into China’s activities by revealing just how much the U.S. knows about them.

  • The indictment discloses, for instance, the name of an MSS facility in China that operated under a false name — and includes actual pictures of the building.
  • How did the U.S. learn about the facility? Who took the pictures? How long have U.S. intelligence personnel been sitting on this information? What other MSS facilities may the U.S. know about?
  • These are the types of questions China’s spies may be asking themselves, in various degrees of frenzy.

Between the lines: This type of disruptive, offensive counterintelligence campaign may be precisely what U.S. officials had planned by disclosing these facts in an indictment that will likely never go to trial.

Go deeper: Inside hackers' pivot to medical espionage

Go deeper

Twitter says hackers accessed DMs during mass attack

Photo: Omar Marques/SOPA Images/LightRocket via Getty Images

Twitter announced that hackers were able to access the direct messages of 36 of 130 targeted accounts, including an elected official in the Netherlands, as part of a mass hack that targeted notable figures on July 15.

Why it matters: Wednesday's announcement shows that hackers retrieved sensitive information from more than eight accounts that had their full information downloaded. Twitter said it is still unaware whether more accounts’ direct messages were accessed.

  • Twitter declined to comment to Axios on how many verified users were among the 36 people whose messages were accessed. It previously said no verified accounts were among those that had their full information downloaded.
Updated 37 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 12:30 a.m. ET: 18,288,573 — Total deaths: 693,805 — Total recoveries — 10,916,907Map.
  2. U.S.: Total confirmed cases as of 12:30 a.m. ET: 4,713,562 — Total deaths: 155,469 — Total recoveries: 1,513,446 — Total tests: 57,543,852Map.
  3. Education — Fauci: Schools can reopen with safeguards, but those in virus hot spots should remain closed
  4. Politics: White House will require staff to undergo randomized coronavirus testing — Pelosi says Birx "enabled" Trump on misinformation.
  5. Sports: 13 members of St. Louis Cardinals test positive, prompting MLB to cancel Tigers series — Former FDA chief says MLB outbreaks should be warning sign for schools.
  6. 1 🎥 thing: "Tenet" may be the first major film to get a global pandemic release.
Updated 2 hours ago - Science

Hurricane Isaias makes landfall in North Carolina

People walk through floodwaters on Ocean Blvd. in Myrtle Beach, South Carolina, on Monday. Photo: Sean Rayford/Getty Images

Hurricane Isaias made landfall as a Category 1 storm near Ocean Isle Beach in southern North Carolina at 11:10 p.m. ET Monday, packing maximum sustained winds of 85 mph, per the National Hurricane Center (NHC).

What's happening: Hurricane conditions were spreading onto the coast of eastern South Carolina and southeastern N.C., the NHC said in an 11 p.m. update. Ocean Isle Beach Mayor Debbie Smith told WECT News the eye of the storm triggered "a series of fires at homes" and "a lot of flooding." Fire authorities confirmed they were responding to "multiple structure fires in the area."