US charges 5 Chinese citizens in global hacking campaign

Sep 16, 2020 | 9:56 AM

WASHINGTON — The Justice Department has charged five Chinese citizens with hacks targeting more than 100 companies and institutions in the United States and elsewhere, including social media and video game companies as well as universities and telecommunications providers, officials said Wednesday.

The five defendants remain fugitives, but prosecutors say two Malaysian businessmen accused of conspiring with the alleged hackers to profit off the attacks on the billion-dollar video game industry were arrested in Malaysia this week and face extradition proceedings.

The indictments are part of a broader effort by the Trump administration to call out cybercrimes by China. In July, prosecutors accused hackers of working with the Chinese government to target companies developing vaccines for the coronavirus and of stealing hundreds of millions of dollars worth of intellectual property and trade secrets from companies across the world.

The allegations, and range of victims, in Wednesday’s announcement were significantly broader. Officials say the yearslong hacking scheme was wide-ranging, was aimed at various business sectors and academia and was carried out by a China-based group known as APT41. It was accused in a report last year by the FireEye cybersecurity firm of carrying out state-sponsored and financially motivated operations.

The Justice Department did not directly link the hackers to the Chinese government. But officials said the hackers were probably serving as proxies for Beijing because some of the targets, including pro-democracy dissidents and students in Taiwan, were in line with government interests.

Those targets “are a trademark of espionage,” said acting U.S. Attorney Michael Sherwin of the District of Columbia, where the indictments were filed.

In addition, one of the five defendants told a colleague that he was very close to the Chinese Ministry of State Security and would be protected “unless something very big happens,” and agreed not to go after targets in China, said Deputy Attorney General Jeffrey Rosen. Rosen criticized the Chinese government for what he said was a failure to disrupt hacking crimes and to hold hackers accountable.

“We know the Chinese authorities to be at least as able as the law enforcement authorities here and in like-minded states to enforce laws against computer intrusions. But they choose not to,” Rosen said.

There was no immediate response Wednesday to an email seeking comment from the Chinese Embassy in Washington.

Eric Tucker, The Associated Press