The Justice Department revealed Wednesday previously sealed indictments of five Chinese hackers and two Malaysian businessmen accused of intrusions that hit more than 100 companies in the U.S. and abroad.
The attacks “facilitated the theft of source code, software code signing certificates, customer account data and valuable business information,” the department said in a statement.
Targets of the attacks included software development companies, computer hardware manufacturers, telecommunications providers, social media companies and video game companies, the department said. It said the first of the previously undisclosed grand jury indictments came in August 2019 and the others this August.
Department officials credited Malaysian authorities with arresting the two businessmen, who they said conspired to profit from attacks on the video game industry.
“Unfortunately, the record of recent years tells us that the Chinese Communist Party has a demonstrated history of choosing a different path, that of making China safe for their own cyber criminals, so long as they help with its goals of stealing intellectual property and stifling freedom,” Deputy Attorney General Jeffrey Rosen told reporters during a press conference in Washington.
‘PROXIES’ FOR CHINA
The indictments don’t allege that the hackers were working for the Chinese government. But other evidence indicates they were acting as “proxies” for Beijing, including carrying out hacking attacks that aren’t related to making a profit but instead related to espionage, said Michael Sherwin, acting U.S. Attorney for the District of Columbia.
China said it “consistently” opposed cyber attacks and called itself “a staunch guardian of cyber security” on Thursday when asked about the indictments.
“To our regret, the U.S. side, for a long time, has been using the cyber security issue to smear and attack China,” Chinese Foreign Ministry spokesman Wang Wenbin told a regular briefing in Beijing. “It has been using political manipulation to spread false information about China. We urge the U.S. to adopt an objective attitude and approach this issue in an objective way. It should resort to cooperation to address cyber attack issues.”
The ministry regularly denies involvement when questioned about foreign cyber attacks.
The announcement comes as President Donald Trump is targeting China in his re-election campaign, blaming the country for failing to prevent the international spread of the coronavirus pandemic and for trade practices he calls unfair.
The Trump administration shuttered the Chinese consulate in Houston in July after years of frustration about what it says was criminal and covert activity directed by Beijing to steal trade secrets and carry out malign influence operations across the U.S.
In a new twist, two of the Chinese hackers attacked the billion-dollar video game industry for financial gain, Sherwin said.
They attacked at least six companies associated with the video game industry in New York, Texas, Washington, Illinois, California and the U.K., according to one of the indictments.
The hackers accessed company databases and fraudulently generated digital items, such as video game currency, which they then sold for profit, according to the indictment.
Overall, the five hackers caused millions of dollars in damages to companies in countries including the U.S., U.K., Germany, India, Japan and Indonesia, the Justice Department said.
The department is seeking to extradite the two Malaysians, FBI Deputy Director David Bowdich said.
Justice Department officials said that Microsoft Corp., Facebook Inc., Alphabet Inc.’s Google and Verizon Communications Inc. helped develop measures to block the intrusions.
Last week, Microsoft issued a sharp warning about election-related hacking and interference by groups linked to Russia, China and Iran.
The company’s report said the Russians are launching campaigns “presumably to aid in intelligence gathering or disruption operations,” while China “has attempted to gain intelligence on organizations associated with the upcoming U.S. presidential election.”
APT 41 is known among security researchers for carrying out “state-sponsored espionage activity in parallel with financially motivated operations” including for personal gain, according to a 2019 report by the cybersecurity firm FireEye Inc.
“Explicit financially-motivated targeting is unusual among Chinese state-sponsored threat groups,” the researchers found.
Last year, APT 41 malware was used to steal SMS text messages from high-ranking military and government targets at an unprecedented scale, FireEye found.