DOJ indicts Chinese hackers accused of targeting COVID-19 research

The Department of Justice (DOJ) on Tuesday rolled out an 11-count indictment against two Chinese hackers allegedly involved in targeting “hundreds” of companies around the world, including most recently U.S. groups researching COVID-19 vaccines and treatments.

The indictment alleges that Chinese nationals Li Xiaoyu and Dong Jiazhi stole terabytes of data over ten years from companies in nations including the U.S., Sweden, the Netherlands, Spain, the United Kingdom and Australia. 

The defendants, who currently work for the Guangdong Province International Affairs Research Center in China, targeted companies in the fields of high-tech manufacturing, medical device and industrial engineering, education, gaming software, solar energy, defense and pharmaceuticals, the DOJ said. 

Most recently, the defendants are alleged to have targeted the networks of U.S. companies involved in coronavirus research, including those developing vaccines and treatments.

The indictment noted that while the defendants often targeted the companies for their own gain, they also worked at the behest of the Chinese Ministry of State Security (MSS) or other Chinese government agencies. The defendants are alleged to have given the MSS email passwords belonging to Chinese dissidents, allowing the targeting of a Hong Kong community organizer, a Christian Church in China and a former Tiananmen Square protester, among others. 

Assistant Attorney General John Demers said during a press conference Tuesday that the actions of the defendants and of the Chinese government in protecting them ran “afoul of norms of acceptable state behavior in cyberspace, which the international community must address.”

“China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist Party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” Demers said. 

Demers noted that the indictment was one of the first times the Justice Department had announced charges involving a “blended threat” of defendants hacking for personal gain and the state allowing them to continue this criminal activity in return for helping the government. 

“China’s anti-competitive behavior and flagrant disregard for their promises not to engage in cyber-enabled intellectual property theft is not just a domestic issue; it is a global issue,” he said. “The indictment shows very clearly that no country is immune. Any country with a successful company or industry must be on guard and prepared to protect itself.”

The hacking effort was first discovered in the networks of the Department of Energy’s Hanford Site in Eastern Washington, where in 2015 the defendants reportedly stole information on Hanford personnel and lists of authorized accounts. More recent victims include pharmaceutical companies in Massachusetts and California, with the defendants stealing information that would benefit competitors of the companies, officials say.  

International companies targeted included a Dutch electronics firm, an Australian solar energy group and a British artificial intelligence and cancer research center.  

The defendants mostly exploited publicly known software vulnerabilities, including some that were only just discovered when exploited, to access company networks, the DOJ said. 

“As the grand jury charged, the computer systems of many businesses, individuals and agencies throughout the United States and worldwide have been hacked and compromised with a huge array of sensitive and valuable trade secrets, technologies, data, and personal information being stolen,” U.S. Attorney William Hyslop for the Eastern District of Washington said Tuesday. 

Sen. Ben Sasse (R-Neb.), a member of the Senate Intelligence Committee, strongly condemned Chinese hacking efforts in a statement on Tuesday.

“This indictment reveals yet again that Chairman Xi leads an army of hackers that steal and attempt to steal — every single day, in almost every country and industry,” Sasse said. “Indictments like this are an important way to focus attention on an urgent problem, but we need to be using more of the tools at our disposal to fight back against this communist aggression.”

The DOJ announcement comes as the Trump administration has intensified pressure on the Chinese government over the past weeks, with both FBI Director Christopher Wray and Attorney General William Barr recently giving speeches highlighting espionage and other threats posed by China. Tensions between the U.S. and China have spiked due to the COVID-19 pandemic and recent developments in Hong Kong.

The indictment was rolled out two months after the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) announced in a joint alert that Chinese-government-backed hackers were targeting American organizations involved in developing coronavirus treatments and vaccines.  

Russian and Iranian hackers have also been alleged to have targeted these companies in recent weeks. CISA Director Christopher Krebs said last month that he expects “every intelligence service” to attempt to target COVID-19 research as the world races to develop treatments and vaccines for the virus.