Stories

DOJ indicts 2 Chinese agents for hacking U.S. organizations

Chinese flag
Photo: Castaneda Luis/AGF/UIG via Getty Images

The Department of Justice unsealed indictments against 2 Chinese hackers affiliated with the Ministry of State Security Friday.

Why it matters: The group known as APT 10, running a campaign nicknamed Operation Cloud Hopper, recently attacked managed IT services, providing a gateway to intellectual property and trade secrets worldwide. The group has attacked biotech, healthcare, NASA, oil and gas exploration, and other industries.

What they're saying: "It's just as if they broke into the companies and stole the data physically," said Deputy Attorney General Rod Rosenstein.

Details: The two hackers, Zhu Hua and Zhang Shilon, are said in the indictment to have attacked more than 45 technology companies in at least a dozen U.S. states as well as U.S. government agencies — including obtaining the personal information of more than 100,000 naval service members.

  • The DOJ alleges the pair worked for Huaying Haitai Science and Technology Development Company and were contracted by China as cyber mercenaries.
  • Per the indictment, APT 10 has been active since at least 2006 and has been attacking managed service providers since 2014.
  • Other nations with APT 10 targets included Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, and the United Kingdom.

Background: "Cloud Hopper is one of the most aggressive of Chinese groups," said Ben Read, senior manager for cyber intelligence at FireEye.

  • FireEye has seen the group involved in a great deal of economic espionage, ranging from hacking internet service providers to targeting a pharmaceutical firm.
  • "An indictment might pause operations, but probably won't stop them," said Read, noting an array of other Chinese groups involved in seemingly state-sanctioned commercial espionage.

The Department of Justice has been on a recent tear of filing charges against Chinese officials.

  • Then-Attorney General Jeff Sessions announced a new DOJ China initiative on Nov. 1 while discussing the indictment of a Taiwanese, state-owned company for theft of trade secrets from U.S.-based Micron.
  • But even before the initiative, Chinese intellectual property theft was on the DOJ's radar for quite a while. Prosecutions can take years to develop, and former officials believe the current flurry of indictments is the fruit of a strategy that began back in the Obama administration.
  • At a Senate Judiciary Committee hearing last week, John Demers, assistant attorney general for the National Security Division, said 90% of intellectual property theft that involved a foreign country came out of China, which Rosenstein echoed Thursday.

The trade war with China is notionally a separate issue than intellectual property theft, as is the arrest of a Huawei executive for trade sanctions violations, the penalizing of ZTE for similar trade sanctions violations and the U.S. accusations of election interference. But all these issues combine to form a slurry of discord between the Trump administration and China.