US and allies: New hacks mean China broke 2015 economic espionage pact
In a press conference this morning, Deputy Attorney General Rod Rosenstein and FBI Director Christopher Wray announced indictments of two Chinese men connected with China’s Ministry of State Security and the hacking group known as APT 10. The two are accused of being responsible for a recent wave of attacks on managed service providers (MSPs) that ultimately targeted both companies and government agencies in 12 countries, including the US. The two are also accused of stealing the Social Security numbers and other personal data of more than 100,000 Navy service members.
Zhu Hua (朱华, also known by the hacker names Afwar, CVNX, Alayos, and Godkiller) and Zhang Shilong (张士龙, AKA Baobeilong, Zhang Jianguo, and Atreexp) were charged with conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated identity theft. Both worked for Huaying Haitai Science and Technology Development Company, and are alleged to have acted at the direction of the Chinese Ministry of State Security’s Tianjin State Security Bureau. From as far back as 2006 up until this year, Zhu and Zhang targeted and hacked into MSPs seeking intellectual property and confidential business and technological information of more than 45 technology companies in the US alone, as well as U.S. government agencies.
“The APT10 Group targeted a diverse array of commercial activity, industries and technologies, including aviation, satellite and maritime technology, industrial factory, automotive supplies, laboratory instruments, banking and finance, telecommunications and consumer electronics, computer processor technology, information technology services, packaging, consulting, medical equipment, healthcare, biotechnology, pharmaceutical manufacturing, mining, and oil and gas exploration and production,” a Justice Department spokesperson said after the briefing. Zhu and Zhang’s participation included registering domains and accounts used by the APT10 Group to stage command and control infrastructure and use in attacks on the MSPs.
“The indictment alleges that the defendants were part of a group that hacked computers in at least a dozen countries and gave China’s intelligence service access to sensitive business information,” said Deputy Attorney General Rosenstein. “This is outright cheating and theft, and it gives China an unfair advantage at the expense of law-abiding businesses and countries that follow the international rules in return for the privilege of participating in the global economic system.”
“The defendants allegedly compromised MSPs in 12 countries,” Rosenstein said, targeting their customers across a breadth of industries. “The defendants committed these crimes in connection with the Ministry of State Security.”
The actions, Rosenstein said, are in direct violation of China’s 2015 agreement with the US to end economic cyber-espionage and other commitments China made to members of the G-20 economic group and the world community. “China promised to stop, but this activity violates the commitment they made,” he said. “We want China to cease illegal cyber activities and honor its commitments, but the evidence suggests they will not.”
This is not the first time, he noted. “More than 90 percent of cases involving alleged economic espionage involve China,” Rosenstein said, as do two-thirds of investigations involving theft of intellectual property. Rosenstein said that China’s continued hacking activities are “unacceptable” and that the US and its allies are united in “responding to China’s economic aggression.”
This story is still developing. Ars will update this story as more details are available.
