US claims two Chinese hackers targeted defense companies, dissidents, and coronavirus research

The US Justice Department has charged two alleged Chinese hackers with stealing trade secrets and other valuable data from companies worldwide, including firms working on COVID-19 treatments and vaccines. Prosecutors claim some of the hacks were carried out on behalf of China’s Ministry of State Security, while others were done for personal profit. The pair are currently wanted by the Federal Bureau of Investigation.

Li Xiaoyu (who goes by the handle “Oro01xy”) and Dong Jiazhi have allegedly been active since 2009. The Justice Department says it encountered the hackers after they compromised computers at the Department of Energy’s Hanford Site, which is home to a decommissioned nuclear production facility. In addition to this breach, they’re accused of infiltrating a wide swathe of software, defense, gaming, and biotech companies, often seeking proprietary data. At least one case saw them attempting to extort a company by threatening to publish its source code online.

The indictment cites 25 unnamed victim companies from the US, Europe, Australia, and South Korea. Most were targeted between 2015 and 2019 before the start of the coronavirus pandemic. However, the Justice Department says the pair “probed for vulnerabilities” in companies that worked on COVID-19 treatments, vaccines, and tests. In May, the FBI warned of Chinese-government-affiliated hackers “attempting to identify and illicitly obtain” data about COVID-19 research. Last week, the UK’s National Cyber Security Centre separately alleged that hackers linked to Russian intelligence services had targeted companies researching a coronavirus vaccine.

The indictment says that Li and Dong also stole information “of obvious interest” to Chinese state security, including data about military satellite programs and military communications systems. In addition to providing the Ministry of State Security with company data, they reportedly gave it personal account information about dissidents — including a Hong Kong community organizer, a former Tiananmen Square protester, and the pastor of a Christian church in Xi’an.

Li and Dong are charged with identity theft, conspiracy to commit wire fraud, and violating anti-hacking laws. The charges for each carry a maximum sentence of over 40 years, although they are unlikely to be arrested or face trial in the US.
