Two Chinese nationals have been charged with hacking hundreds of entities around the world, including U.S. biotech companies developing COVID-19 vaccines and treatments, while working with China's security services.
Li Xiaoyu, 34, and Dong Jiazhi, 33, were charged in an 11-count indictment unsealed in the eastern district of Washington state Tuesday, marking the first time U.S. prosecutors have indicted Chinese hackers for what they termed the "blended threat" of working for the Chinese state while also targeting victims for personal gain.
John Demers, head of the Justice Department's national security division, accused China of aiding cybercriminals.
"China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cybercriminals in exchange for those criminals being 'on call' to work for the benefit of the state, here to feed the Chinese Communist party's insatiable hunger for American and other non-Chinese companies' hard-earned intellectual property, including COVID-19 research," Demers said at a news conference.
Li and Dong, former classmates at an electrical engineering school in China, performed two complementary roles during the hacking campaign, according to the 27-page indictment. While Dong researched victims and carried out reconnaissance, Li hacked networks and stole information, it said.
The two remain at large.
The indictment alleges that the pair were aided by intelligence officers at China's Ministry of State Security, an agency previously implicated in economic espionage. The unidentified agents were not charged.
According to the indictment, the hacking campaign began in 2009 and continued through early July when the two men were charged. Targeted industries included high-tech manufacturing, gaming software and solar energy. The victim companies were located in the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden and Britain, among other places. Hundreds of millions of dollars' worth of trade secrets, intellectual property and other business information was stolen, it said.
In recent months, as U.S. biotech firms began developing vaccines, treatments and testing for COVID-19, the disease caused by the novel coronavirus, the hackers unsuccessfully sought to target their research, the indictment alleges.
In addition to attacking businesses, the hackers infiltrated the online accounts of Chinese dissidents, clergy and rights activists in the United States, China and other countries, providing their personal information to the Chinese government, according to Demers. Stolen email accounts and passwords belonging to a Hong Kong community organizer, the pastor of a Church in China, and a former Tiananmen Square protester were given to the Ministry of State Security, according to the indictment.
"These intrusions are yet another example of China's brazen willingness to engage in theft through computer intrusions contrary to their international commitments," including a 2015 understanding with the United States, Demers said.
The indictment comes as U.S. officials raise the alarm about Chinese efforts to steal U.S. intellectual property as part of a broader effort to supplant the United States as the world's only superpower.
FBI Director Christopher Wray, on July 7, called China's economic espionage the "greatest long-term threat to our nation's information and intellectual property, and to our economic vitality."
Almost half of the nearly 5,000 active FBI counterintelligence cases are related to China, Wray said, adding that the bureau is adding a new counterintelligence case related to China every 10 hours.
Attorney General William Barr said on Thursday that China is engaged in an "economic blitzkrieg" against the United States, accusing U.S. businesses of bowing to Chinese pressure in pursuit of profit.
China rejected U.S. allegations of IP theft and economic espionage.
"Some U.S. politicians seem to be alleging time and again that China is waging cyberattacks to steal U.S. research on COVID-19 vaccines," Chinese Foreign Ministry spokesperson Hua Chunying said last week. "Our top researchers don't need to secure an edge by theft. As we speak, Chinese research teams are moving ahead with multiple vaccine tasks through five technical routes."