U.S. says China backed hackers who targeted COVID-19 vaccine research

The indictment said that the hackers operated both for their own profit and also for the main Chinese intelligence service, the Ministry of State Security.
Image: Three potential coronavirus vaccines are kept in a tray at Novavax labs in Gaithersburg, Md., on March 20, 2020. (Andrew Caballero-Reynolds / AFP via Getty Images file)

By Ken Dilanian and Pete Williams

WASHINGTON — In the latest attempt to "name and shame" China’s government-sponsored cyber theft, the Justice Department announced an indictment Tuesday charging two Chinese nationals — both in China — with hacking governments, dissidents, human rights activists and private companies, including those engaged in COVID-19 vaccine research.

The indictment says the hackers operated both for their own profit and also for the main Chinese intelligence service, the Ministry of State Security. It says they were assisted by an unnamed Chinese intelligence officer known to the grand jury. Officials said these were the first federal charges related to alleged theft of coronavirus research.

At a news conference in Washington, top Justice Department and FBI officials used some of their strongest language to date in condemning China as a rogue cyber thief, putting China in the same category as Russia, Iran and North Korea, the top U.S. adversaries.

“China is using cyber intrusions as part of its ‘rob, replicate and replace’ campaign for development,” said John Demers, the assistant attorney general for national security, calling the hacking “yet another example of China’s brazen willingness to engage in theft through computer intrusions in defiance of international agreements.”

He added that “China’s anti-competitive behavior…is a global issue,” and that, by allowing hackers to operate unmolested, “China has now taken its place alongside Russia, Iran and North Korea on that shameful list of countries” that tolerate criminal hacking within their borders.

FBI Deputy Director David Bowdich added that “the scale and scope of the hacking activities sponsored by (Chinese) intelligence services against the U.S. and our international partners is unlike any other threat we are facing today.”

One goal of the indictments, he said, is to “put the Chinese leaders on notice: There are serious consequences and risks for stealing our technological and intellectual property.”

China has consistently denied doing that.

The high-profile rollout of the indictments is the latest example of how American national security officials see value in bringing their campaign against Chinese hacking into public view after years of fighting it mainly in the shadows.

In 2012, the former head of the National Security Agency called cyber theft, mainly by China, the greatest transfer of wealth in history.

In 2015, President Barack Obama and Chinese President Xi Jinping signed an agreement not to steal intellectual property from one another, but after a brief period of dormancy, Chinese cyber theft exploded once again as President Trump sought to crack down on Chinese trade practices, officials say.

“We don’t have a cyber problem — we have a China, Russia, Iran and North Korea problem,” said Dmitri Alperovitch, chairman of the Silverado Policy Accelerator, a Washington think tank.

"Even when we are not dealing with nation-state activity emanating from these countries, we see how these four states are protecting or even paying cyber criminals operating within their borders."

The hackers named in Tuesday’s indictment have been operating since 2009, the court documents say. It is extremely unlikely that they will ever see the inside of an American courtroom.

The grand jury indictment charged Li Xiaoyu, 34, and Dong Jiazhi, 33, with conducting a hacking campaign lasting more than 10 years targeting companies in the U.S., Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom.

"The hackers stole terabytes of data which comprised a sophisticated and prolific threat to U.S. networks," a Justice Department statement said.

Targets included high-tech manufacturers, medical device makers, civil and industrial engineers, gaming software makers, solar energy companies, pharmaceutical makers, and defense contractors.

The indictment said the hackers sought information related to COVID-19 research, but it does not allege they obtained any.

Among the 13 U.S. victims were: a California tech and defense company, a Maryland tech and manufacturing company, the DOE’s Hanford site in Washington, a Texas engineering firm, a Virginia defense contractor, a Massachusetts software firm, a California gaming software company, and several U.S. drug makers.

Court documents say the hackers “researched vulnerabilities in the networks of biotech and other firms publicly known for work on COVID-19 vaccines, treatments, and testing technology,” but do not say they obtained any.

The hackers sought to extort cryptocurrency from one victim, DOJ said, by threatening to release the victim's stolen source code on the Internet.

"More recently, the defendants probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments."