Federal prosecutors in San Diego announced charges Monday against four Chinese nationals accused of hacking computer systems across the globe to steal information to benefit the Chinese government.
The defendants allegedly belonged to and worked for the Hainan State Security Department. The indictment described the agency as a provincial foreign intelligence arm of the People’s Republic of China’s Ministry of State Security.
According to prosecutors, the alleged thefts occurred between 2011 and 2018, involved victims in a dozen countries, and mainly centered “on information that was of significant economic benefit to China’s companies and commercial sectors.”
Authorities allege the goal was to install malware and other hacking tools in computer systems in order to steal data from foreign governments, universities and companies.
The hacks targeted a wide range of industries, including aviation, defense, health care and infectious disease research, prosecutors said.
“This indictment alleges a worldwide hacking and economic espionage campaign led by the government of China,” said Acting U.S. Attorney Randy Grossman. “The defendants include foreign intelligence officials who orchestrated the alleged offenses, and the indictment demonstrates how China’s government made a deliberate choice to cheat and steal instead of innovate.”
The Hainan State Security Department, or HSSD, operated through a front company called Hainan Xiandun Technology, which was publicly marketed as “a fast-growing high-tech information security company,” according to the two-count indictment returned by a grand jury in May and unsealed last week.
According to the indictment, to gain initial access to victim networks, conspirators sent fraudulent phishing emails that were buttressed by fictitious online profiles and contained links to doppelgänger domain names, which were created to mimic or resemble the domains of legitimate companies.
In some instances, they allegedly used hijacked credentials, and the access they provided, to launch phishing campaigns against other users within the same entity or at other targeted entities. The suspects also used multiple and evolving sets of sophisticated malware, including both publicly available and customized programs.
Defendants include Ding Xiaoyang, Cheng Qingmin, and Zhu Yunmin, who are described as HSSD officers “responsible for coordinating, facilitating and managing computer hackers and linguists” at Hainan Xiandun and other front companies.
Wu Shurong, another defendant, is a computer hacker accused of creating malware, breaking into computer systems and supervising other Hainan Xiandun hackers.
They are each charged with one count of conspiracy to commit computer fraud and one count of conspiracy to commit economic espionage.
The Department of Justice alleges the hacking campaign continued despite a 2015 agreement between the U.S. and Chinese governments to curb cyber-related theft of intellectual property, trade secrets or other confidential information with the aim of gaining a commercial advantage.
“These criminal charges once again highlight (how) China continues to use cyber-enabled attacks to steal what other countries make, in flagrant disregard of its bilateral and multilateral commitments,” said Deputy Attorney General Lisa O. Monaco.