Justice Department indicts Chinese, Malaysian hackers for targeting over 100 companies

The Justice Department on Wednesday announced indictments against five Chinese and two Malaysian individuals for allegedly targeting and hacking more than 100 companies in the U.S. and around the world. 

The five Chinese nationals, part of a hacking group known as “APT41,” were charged with targeting video game companies, telecommunications groups, social media platforms, computer hardware manufacturers, foreign governments, universities, think tanks, and pro-democracy activists in Hong Kong, while two Malaysian nationals were taken into custody for conspiracy in some of the attacks. 

In addition, the Justice Department announced that the U.S. Attorney’s Office for the District of Columbia had issued warrants to seize hundreds of accounts, servers and domain names used by the alleged hackers to conduct attacks. The agency noted that Microsoft assisted this effort by implementing measures to block the hackers from accessing networks, and that Facebook, Verizon and Google had also assisted in this effort. 

“Today’s charges, the related arrests, seizures of malware and other infrastructure used to conduct intrusions, and coordinated private sector protective actions reveal yet again the department’s determination to use all of the tools at its disposal and to collaborate with the private sector and nations who support the rule of law in cyberspace,” Assistant Attorney General John Demers said in a statement. “This is the only way to neutralize malicious nation state cyber activity.”

While law enforcement officials did not directly attribute the attacks to the Chinese government, Michael Sherwin, the acting U.S. attorney for the District of Columbia, told reporters Wednesday that some of the Chinese nationals indicted carried out the attacks with the confidence that the Chinese government would not move against them. 

“They were working for personal gain, but they also were proxies for the Chinese government,” Sherwin said. 

Chinese nationals Zhang Haoran and Tan Dailin were indicted on 25 counts — including for conspiracy, money laundering, and identity theft — for allegedly targeting high-tech groups along with hacking video games and generating virtual items to sell for profit within the game. 

Three other Chinese nationals — Jiang Lizhi, Qian Chuan and Fu Qiang — were indicted on nine counts, including violating the Computer Fraud and Abuse Act, racketeering and identity theft. The three individuals are alleged to have targeted more than 100 companies in the U.S. and more than a dozen other countries, along with targeting a ransomware attack at a nonprofit group that combats global poverty. 

The three nationals are also alleged to have targeted networks of foreign governments in Vietnam, India and the United Kingdom. While the intrusions in Vietnam and India were successful, the individuals allegedly were unable to access systems in the United Kingdom. 

Two Malaysian nationals — Wong Ong Hua and Ling Yang Ching — are alleged to have conspired with two of the Chinese nationals to target and profit from hacking into video game companies in the U.S. and abroad. 

Both were arrested by Malaysian authorities earlier this week, and face extradition to the U.S. to face 23 counts of racketeering, conspiracy, identity theft, aggravated identity theft, access device fraud, money laundering and other charges as part of an indictment. The charges added together include several decades of potential jail time. 

Justice Department and law enforcement officials expressed frustration Wednesday that the Chinese government was not willing to work with them to apprehend the five Chinese nationals indicted.

“We know the Chinese authorities to be at least as able as the law enforcement authorities here and in like-minded states to enforce laws against computer intrusions, but they choose not to,” Deputy Attorney General Jeffrey Rosen told the press Wednesday. 

“But know this: no responsible country can be respected as a global leader while paying only lip service to the rule of law and without taking steps to disrupt brazen criminal acts like these,” Rosen added. “No responsible government knowingly shelters cyber criminals that target victims worldwide in acts of rank theft.”

The APT41 hacking group involved in the attacks announced Wednesday was previously accused by cybersecurity group FireEye in March of launching what it described as “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.” The group was accused by FireEye of stepping up attacks on healthcare and pharmaceutical companies. 

The charges were announced as the Justice Department, and the Trump administration overall, has ramped up efforts to prosecute Chinese hacking efforts. 

The Justice Department indicted two Chinese nationals in July for allegedly targeting hundreds of companies around the world, including U.S. groups researching COVID-19 vaccines and treatments. The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also previously warned in May that Chinese hackers were targeting U.S. companies involved in COVID-19 research.