The US accuses two hackers of working with China’s Ministry of State security to obtain data from government organizations
Covid-19 research and trade secrets allegedly targeted by two Chinese nationals also involved in a ten-year-long hacking campaign. The department of Justice revealed charges against two hackers from China in the official indictment document. The two people who got accused of working with state groups were targeting people’s information, government data for their own gains too.
The 11-count indictment alleges LI Xiaoyu (李啸宇), 34, and DONG Jiazhi (董家志), 33, who were trained in computer applications technologies at the same Chinese university, conducted a hacking campaign lasting more than ten years to the present, targeting companies in countries with high technology industries.
According to multiple reports, terabytes of data might have been stolen already. LI Xiaoyu and DONG Jiazhi supposedly were involved in the hacking campaign that took over ten years according to these reports.
It is said that hackers worked from at least 2009 and targeted companies and organizations from many countries in the world, including United States, Australia, Belgium, Japan, Germany, Lithuania, Netherlands, Spain, Sweden, United Kingdom.
Li and Dong are accused of identity theft, wire fraud, conspiracy, and theft of trade secrets, violating anti-hacking laws. If convicted, these two hackers can receive the maximum sentence of at least 40 years.
Main targets including high tech manufacturing
These hackers supposedly stole terabytes of sensitive information from companies developing the Covid-19 vaccines, testing technologies, treatments for other illnesses. People from medical or industrial engineering companies, education, gaming software, solar energy, defense organizations, and pharmaceutical industries, got targeted by Li and Dong. These targets are important both for actors’ financial gain and the purpose of working for China’s Ministry of State Security.
FBI has already warned people about China and active data tracking and stealing operations. However, China is not the only country in the world that holds such attacks or gets accused of using offensive cyber attacks to steal coronavirus information. Assistant Attorney General John C. Demers stated:
China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state.
Hackers exploited the publicly known flaws in popular web server software
According to sources, hackers gain access to the p targeted networks when the publicly known software vulnerability got exploited. Since those flaws are newly announced, in most cases, so web application development suites, software collaboration programs, web server software, and other apps were working unpatched.
Once on the system, defendants could install credential-stealing software, gain access to deeper layers and system folders, leverage web shells, execute malicious programs. Also, all data from the machine transferred using the compressed RAR files. The infiltration process got masked using the common .jpg file type extension that got at the end of those files.
Those hundreds of gigabytes or terabytes even consisted of information about drugs, vaccines, development and research information, source code, a weapon designed, personal information. There are some details about cryptocurrency extortion activities. Hackers claimed to release stolen source code on the internet and asked for the payment, so the victim paid up.