US charges two Chinese nationals over hacking campaigns

Zhu Hua (left) and Zhang Shi Long were allegedly members of a hacking group that targeted firms managing IT infrastructure of businesses and governments around the world. China denied the cyber-espionage charges.

The United States government has charged two Chinese nationals over sustained hacking campaigns against technology companies and governments around the world, linking Beijing to the theft of confidential business data and intellectual property.

The US claims were swiftly backed by its allies around the world, including Japan, Canada and Britain - three of the 12 affected countries.

China's Foreign Ministry yesterday denied the cyber-espionage charges, and urged Washington and its allies to withdraw the accusations. "Slamming groundless accusations against China under the pretext of cybertheft is no more than a self-deceiving act of blame-shifting," ministry spokesman Hua Chunying said at a regular media briefing. "We urge the United States to immediately correct its wrongdoings, stop smearing China on the cyber-security issue, and withdraw the so-called charges against related Chinese personnel."

Ms Hua added that China will take necessary steps to resolutely safeguard its cyber security and interests. The ministry also stressed that China had never participated in or supported any stealing of commercial secrets, and added that it had lodged "stern representations" with Washington.

The charges were unsealed on Thursday and announced by US Deputy Attorney-General Rod Rosenstein, who said the two men were part of a group whose cyber attacks gave China's intelligence service access to sensitive business information and China an unfair advantage in the global economy.

The two men, Zhu Hua and Zhang Shi Long, operated under several handles, with Zhu known as Afwar, CVNX, Alayos and Godkiller, and Zhang known as Baobeilong and Atreexp.

They were accused of being members of a hacking group called Advanced Persistent Threat 10 (APT10), also known as Stone Panda and Red Apollo, which acted in association with the Chinese Ministry of State Security's Tianjin State Security Bureau. Their latest campaign began around 2014 and targeted firms that remotely managed the information technology infrastructure of businesses and governments around the world.

Through these service providers, the group gained unauthorised access to a wide range of companies in Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, Britain and the US, installing malware that allowed them to steal user credentials and data.

Yesterday, Japanese Foreign Ministry spokesman Takeshi Osuga said Japan had identified APT10's continuous attacks on various domestic targets, including private firms and academic institutions.

Canada also pointed the finger at China, with its Communications Security Establishment agency stating that it was almost certain that actors associated with the Chinese government were behind the attacks on the service providers beginning as early as 2016.

Britain, Australia and New Zealand also slammed China over what they called a global campaign of cyber-enabled commercial intellectual property theft, according to Reuters.

The campaign is "one of the most serious, strategically significant, persistent and potentially damaging set of cyber intrusions against the UK and our allies that we have seen", a British security official said.

Australia's foreign affairs and home affairs departments said APT10 was engaged in "sustained cyber intrusions" on large managed service providers, or information technology contractors globally.

In New Zealand, the Government Communications Security Bureau said that alongside national security partners, it had established links between the Chinese Ministry of State Security and a global campaign of cyber-enabled commercial intellectual property theft, which it became aware of last year.

The compromised companies included a global financial institution and other firms in a wide range of sectors, including telecommunications and consumer electronics, medical equipment, packaging, manufacturing, consulting, healthcare, biotechnology, oil and gas exploration and mining.

APT10 also stole US Navy data including the names, Social Security numbers, dates of birth, salary information, phone numbers and e-mail addresses of more than 100,000 US Navy personnel.

These computer intrusions continued this year, said prosecutors. This would have been a violation of a 2015 agreement between Chinese President Xi Jinping and then US President Barack Obama to stop cyber espionage between both countries.

APT10 also hacked into the computer systems of commercial and defence technology firms and US agencies in a separate campaign that began in 2006, stealing hundreds of gigabytes of data from at least 45 companies and government bodies across a dozen US states.

Dr Robert Williams, executive director of Yale Law School's Paul Tsai China Centre, said the allegations added considerably to a growing body of evidence that China had not dialled back its commercial cyber espionage in the way US officials had hoped it would after the 2015 Obama-Xi agreement.

But, he added: "If one goal of today's indictment is to underline how serious the US government is about addressing Chinese state-sponsored commercial cybertheft, that objective is strengthened considerably by US allies' remarkably unified statements condemning China's behaviour."

Milken Institute Asia fellow Curtis Chin told The Straits Times that the indictments underscored that with China, reforms were increasingly a matter of "don't trust, do verify". "China has got a little out of control, and it is time to push back."

A version of this article appeared in the print edition of The Straits Times on December 22, 2018, with the headline 'US charges two Chinese nationals over hacking campaigns'.