U.S. charges Chinese hackers with attacking companies, pro-democracy groups

Deputy Attorney General Jeffery A. Rosen details charges laid against five Chinese nationals accused of hacking more than 100 companies at the Department of Justice in Washington, D.C., on Wednesday. Photo by Tasos Katopodis/UPI
1 of 4 | Deputy Attorney General Jeffery A. Rosen details charges laid against five Chinese nationals accused of hacking more than 100 companies at the Department of Justice in Washington, D.C., on Wednesday. Photo by Tasos Katopodis/UPI | License Photo

Sept. 16 (UPI) -- The Justice Department said it has charged a group of hackers linked to the Chinese government with targeting more than 100 companies, pro-democracy organizations and universities worldwide to steal proprietary information and digital currency, inflicting millions of dollars in losses.

The Justice Department announced the unsealing of three indictments Wednesday during a press conference charging five fugitive Chinese nationals of the hacking group Advanced Persistent Threat 41 and two Malaysian nationals who conspired with them to profit from their attacks.


During the press conference, Jeffrey A. Rosen, deputy attorney general, announced that the Malaysian defendants -- Wong Ong Hua, 46, and Ling Yang Ching, 32 -- were arrested Sunday evening by Malaysian authorities and now face extradition proceedings while chastising China for not only enabling the attacks by turning a blind eye to the Chinese hackers but from benefiting from their actions.


"The Chinese government has made a deliberate choice to allow its citizens to commit computer intrusions and attacks around the world because these actors will also help the PRC," he said, referring to the Asian nation by the initials of its official name, the People's Republic of China.

Michael Sherwin, acting U.S. attorney for the District of Columbia, said that some of those charged are associated with the PRC, which provides them with "free license" to hack and steal across the globe while barring them from attacking domestic targets.

He told reporters that the indictments don't include accusations of state-sponsored cyberattacks but that when parsed they show that not all the attacks were for personal gains, such as those targeting universities and prodemocracy think tanks, groups, politicians and activist, some of which are in Hong Kong.

"This is a breadcrumb that shows that these individuals were working for profit-personal gain, yes, but were also proxies -- that's a conclusion you could draw -- for the Chinese government," he said.

In one of the indictments, a Chinese suspect is reported to have boasted about being "very close" to China's Ministry of State Security, which would provide him protection "unless something big happens."


"We know the Chinese authorities to be at least as able as the law enforcement authorities here and in like-minded states to enforce laws against intrusions," Rosen said, "But they choose not to."

The indictments charge Chinese nationals Zhang Haoran, 35; Tan Dailin, 35; Jiang Lizhi, 35; Qian Chuan, 39; and Fu Qiang, 37; with dozens of crimes.

The charges continue a Justice Department push to hold Chinese hackers accountable and came two months after prosecutors charged two Chinese nationals with hacking pharmaceutical companies developing coronavirus vaccines on behalf of the Chinese government as well as stealing data from dissidents worldwide.

Prosecutors said Wednesday that the crimes committed by the seven defendants fall under two categories: those targeting companies and those targeting victims involved in the video game industry.

Rosen said the attacks targeting companies were "turbo-charged" by a sophisticated technique called a supply chain attack where the Chinese hackers infiltrated international software providers and altered the codes of their programs to install backdoors that enabled further hacks of the customers who bought their products.

The second method saw the hackers compromise the networks of video game companies to defraud them and users of in-game resources that, with the help of the two Malaysian defendants, they would sell on the black market.


Sherwin called the attack "unprecedented."

"This is again troubling because we see this as unfortunately a new area in which hackers are exploiting, and it's a billion-dollar industry, and I'm sure that this isn't the end," he said. "We're going to see much more of this criminal conduct, unfortunately."

Along with the charges, the Justice Department with the FBI announced they have been working with Microsoft, Google, Facebook, Verizon and other companies to "neutralize" the computer infrastructure the hacking group APT-41 uses, such as malware and malicious domains, to conduct its attacks.

Prosecutors also announced the seizure of hundreds of accounts, servers, domain names and so-called dead drop web pages used by the defendants to conduct their computer attacks

"The bottom line is that we have used every tool at the department's disposal to disrupt these APT-41 activities," Rosen said.

Latest Headlines