US names four Chinese in global hacking campaign

They are accused of stealing trade secrets from industries including defence, aviation

The US yesterday accused China of using "contract hackers" in a pattern of "irresponsible, disruptive, and destabilising behaviour" in cyberspace which posed a major threat to economic and national security in many countries.

According to the Department of Justice (DOJ), between 2011 and 2018, the campaign targeted victims in the United States, Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and the United Kingdom.

The industries targeted included aviation, defence, education, government, healthcare, biopharmaceutical and maritime, the DOJ said.

Four Chinese nationals working with the Ministry of State Security (MSS) have been named in the indictment; they are charged with running a "global computer intrusion campaign targeting intellectual property and confidential business information, including infectious disease research".

Three of the four were officers in the Hainan State Security Department (HSSD), a provincial arm of the MSS.

The indictment alleges that "Ding Xiaoyang, Cheng Qingmin, and Zhu Yunmin were HSSD officers responsible for coordinating, facilitating and managing computer hackers and linguists at Hainan Xiandun and other MSS front companies to conduct hacking for the benefit of China and its state-owned and sponsored instrumentalities".

A fourth, Wu Shurong, was a computer hacker who as part of his duties at Hainan Xiandun "created malware, hacked into computer systems operated by foreign governments, companies and universities, and supervised other Hainan Xiandun hackers".

The DOJ alleges that the four and the HSSD set up a front company, Hainan Xiandun Technology Development, since disbanded, to operate out of Haikou in Hainan province.

The MSS officers also coordinated with staff and professors at various universities in Hainan and elsewhere in China, the DOJ said.

Among the trade secrets stolen were technologies used for submersibles and autonomous vehicles, chemical formulas, and gene sequencing techniques. They were taken to "support China's efforts to secure contracts for state-owned enterprises within the targeted country", said the DOJ.

The DOJ said the conspiracy also targeted infectious-disease research related to Ebola, HIV/Aids and other diseases at research institutes and universities.

Secretary of State Antony Blinken said in a statement yesterday that China's "Ministry of State Security has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain".

He added that the US government and its allies had formally confirmed that hackers affiliated with the MSS exploited vulnerabilities in Microsoft's e-mail servers in an espionage operation that compromised thousands of computers and networks.

Separately, President Joe Biden told reporters during a press conference yesterday that the state may not itself be carrying out the hacking. "To the best of my knowledge... the Chinese government, not unlike the Russian government, is not doing this themselves but are protecting those who are doing it, maybe even accommodating them being able to do it."

A senior administration official, briefing reporters earlier, said concerns about the Microsoft incident and the broader malicious cyber activity had been raised with senior Chinese officials, but the US and its allies and partners were not ruling out further actions.

He said: "We're putting forward a common cyber approach with our allies and laying down clear expectations on how responsible nations behave in cyberspace."

Australia's Ministry for Foreign Affairs said it was "seriously concerned about reports from our international partners that China's Ministry of State Security is engaging contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and to provide commercial advantage to the Chinese government".

A version of this article appeared in the print edition of The Straits Times on July 20, 2021, with the headline 'US names four Chinese in global hacking campaign'.