US indicts alleged Chinese hackers for 'unrelenting effort' to steal tech

The Department of Justice has indicted two Chinese nationals, accusing them of working in association with Chinese state security in what officials called an “unrelenting effort” to steal U.S. commercial and defense technology going back more than a decade.

In a warning to Beijing, Deputy Attorney General Rosenstein said the U.S. and its allies “know what China is doing, why they’re doing it” and sometimes even “who is at the keyboard” while the alleged thefts are going on.

The indictment, unsealed Thursday, accuses Zhu Hua and Zhang Shilong of being members of a hacking group known as APT10, also known as Stone Panda and MenuPass.

“From at least in or about 2006 up to and including or about 2018, members of the APT10 Group, including [the defendants] conducted extensive campaigns of global intrusions into computer systems,” the indictment said. The Justice Department says the pair worked for a technology company and “acted in association with” Chinese state security.

The Justice Department said that through the “technology theft campaign” that reached into companies and organizations in several U.S. states, APT10 “stole hundreds of gigabytes of sensitive data” from a “diverse array” of industries, from space and satellite technology to pharmaceuticals.

“It’s just as if they had broken into American companies and taken the data out physically,” Rosenstein told reporters in announcing the indictment. “It is unacceptable that we continue to uncover cybercrime committed by China against America and other nations.”

The Justice Department also accused APT10 of stealing confidential data from the U.S. Navy, including personal data on more than 100,000 Navy personnel.

To carry out its theft, the Justice Department said APT10 managed to slip into systems belonging to managed service providers (MSPs) “for businesses and governments around the world.”

FBI director Christopher Wray said those intrusions allowed the hackers broad access to the MSP’s clients. Wray said that rather than breaking into someone’s home, this was more like “breaking into and getting the keys from the maintenance supervisor” that allows access to many homes.

“For example, through the MSP Theft Campaign, the APT10 Group obtained unauthorized access to the computers of an MSP that had offices in the Southern District of New York and compromised the data of that MSP and certain of its clients located in at least 12 countries, including Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, the United Kingdom, and the United States,” the indictment says.

Shortly after the Justice Department's announcement, the British Foreign Office released a statement similarly accusing APT10 of a "malicious cyber campaign."

British Foreign Secretary Jeremy Hunt said, "This campaign is one of the most significant and widespread cyber intrusions against the UK and allies uncovered to date, targeting trade secrets and economies around the world. These activities must stop."

Rosenstein and Wray said the indictment was just the latest law enforcement action taken against the Chinese for what officials have described as a sprawling economic espionage campaign. Rosenstein said that 90 percent of the department’s economic espionage cases in the last seven years involved the Chinese government.

“We want China to cease its illegal cyber activities… but the evidence suggests China may not intend to abide by” the law, he said.

The Justice Department said the two Chinese nationals are not in U.S. custody but are now fugitives.

Representatives at the Chinese Embassy in Washington, D.C., did not immediately respond to a request for comment.