U.S. accuses Chinese nationals of hacking spree for COVID-19 data, defense secrets

By Raphael Satter and Christopher Bing

WASHINGTON (Reuters) – The U.S. Justice Department on Tuesday indicted two Chinese nationals over their role in what the agency called a decade-long cyber espionage campaign that targeted defense contractors, COVID researchers and hundreds of other victims worldwide.

U.S. authorities said Li Xiaoyu and Dong Jiazhi stole terabytes of weapons designs, drug information, software source code, and personal data from targets that included dissidents and Chinese opposition figures. The cyber criminals were contractors for the Chinese government, rather than full-fledged spies, U.S. officials said.

U.S. Assistant Attorney General for National Security John Demers said at a virtual press conference the hackings showed China “is willing to turn a blind eye to prolific criminal hackers operating within its borders.”

“In this manner, China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provides safe haven for cyber criminals in exchange for those criminals being on call for the benefit of the state.”

Messages left with one of several accounts registered in the name of Li’s digital alias, oro0lxy, were not immediately returned. Reuters could not immediately locate contact details for Dong. The Chinese Embassy in Washington did not immediately return a message seeking comment, although Beijing has repeatedly denied hacking the United States.

The indictment mostly did not name any companies or individual targets, but U.S. Attorney William Hyslop, who spoke alongside Demers, said there were “hundreds and hundreds of victims in the United States and worldwide.” Officials said the investigation was triggered when the hackers broke into a network belonging to the Hanford Site, a decommissioned U.S. nuclear complex in eastern Washington state, in 2015.

Li and Dong were “one of the most prolific group of hackers we’ve investigated,” said FBI Special Agent Raymond Duda, who heads the agency’s Seattle field office.

A July 7 indictment made public on Tuesday alleges that Li and Dong were contractors for China’s Ministry of State Security, or MSS, an agency comparable to the U.S. Central Intelligence Agency. The MSS, prosecutors said, supplied the hackers with information on critical software vulnerabilities to help them penetrate targets and collect intelligence. Targets included Hong Kong protesters, the office of the Dalai Lama and a Chinese Christian non-profit.

As early as Jan. 27, as the coronavirus outbreak was coming into focus, the hackers were trying to steal COVID-19 vaccine research of an unidentified Massachusetts biotech firm, the indictment said.

It is unclear whether anything was stolen, but one expert said the allegation shows the “extremely high value” that governments such as China placed on COVID-related research.

“It is a fundamental threat to all governments around the world and we expect information relating to treatments and vaccines to be targeted by multiple cyber espionage sponsors,” said Ben Read, a senior analyst at cyber-security company FireEye.

He noted that the Chinese government had long relied on contractors for its cyber-spying operations.

“Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations,” Read said.

(Reporting by Chris Sanders; Editing by Chizu Nomiyama and Richard Chang)