US names four Chinese nationals in global hacking campaign

The US said hackers tied to China's government exploited vulnerabilities in the Microsoft Exchange Server. PHOTO: REUTERS

WASHINGTON - The United States on Monday (July 19) accused China of using "contract hackers" in a pattern of irresponsible, disruptive and destabilising behaviour in cyberspace that posed a major threat to economic and national security in many countries.

Between 2011 and 2018, the campaign allegedly targeted victims in the United States, Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and Britain, the Department of Justice (DOJ) said in its indictment.

Targeted industries included aviation, defence, education, government, health care, biopharmaceutical and maritime, the DOJ said.

Four Chinese nationals working with the Ministry of State Security (MSS) have been named in the indictment - charged with running a "global computer intrusion campaign targeting intellectual property and confidential business information, including infectious disease research".

Three of the defendants were officers in the Hainan State Security Department (HSSD), a provincial arm of the MSS.

The indictment alleges that "Ding Xiaoyang, Cheng Qingmin, and Zhu Yunmin were HSSD officers responsible for coordinating, facilitating and managing computer hackers and linguists at Hainan Xiandun and other MSS front companies to conduct hacking for the benefit of China and its state-owned and sponsored instrumentalities".

A fourth, Wu Shurong, was a computer hacker who, as part of his duties at Hainan Xiandun, "created malware, hacked into computer systems operated by foreign governments, companies and universities, and supervised other Hainan Xiandun hackers".

The DOJ alleges that the defendants and the HSSD established a front company, Hainan Xiandun Technology Development Co, since disbanded, to operate out of Haikou in Hainan province.

The alleged MSS officers also "coordinated with staff and professors at various universities in Hainan and elsewhere in China to further the conspiracy's goals", it said.

"Stolen trade secrets and confidential business information included, among other things, sensitive technologies used for submersibles and autonomous vehicles, speciality chemical formulas, commercial aircraft servicing, proprietary genetic-sequencing technology and data, and foreign information to support China's efforts to secure contracts for state-owned enterprises within the targeted country."

The DOJ said the conspiracy also targeted infectious disease research related to Ebola, the Middle East respiratory syndrome, HIV/Aids, and other diseases at research institutes and universities.

Separately, Secretary of State Antony J. Blinken said in a statement on Monday morning that China's Ministry of State Security (MSS) "has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain".

He added: "The United States government, alongside our allies and partners, has formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber-espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims."

Briefing reporters earlier, a senior administration official said China's hacking campaign was distinct from Russia's in being state-sanctioned.

"On the Russian side… we sometimes see individuals moonlighting. And we see… some connections between Russian intelligence services and individuals. But… the MSS use of criminal contract hackers to conduct unsanctioned cyber operations globally is distinct," the official said.

However, President Joe Biden told reporters during a press conference yesterday that the state may not itself be carrying out the hacking. "To the best of my knowledge... the Chinese government, not unlike the Russian government, is not doing this themselves but are protecting those who are doing it, maybe even accommodating them being able to do it."

The senior official said concerns about the Microsoft incident and the broader malicious cyber activity had been raised with senior Chinese officials, but the US and its allies and partners were not ruling out further actions to hold China accountable.

"No one action can change China's behaviour in cyberspace and neither can just one country acting on its own," the official added. "We're putting forward a common cyber approach with our allies and laying down clear expectations on how responsible nations behave in cyberspace."

Australia's Ministry for Foreign Affairs on Monday also said it was "seriously concerned about reports from our international partners that China's Ministry of State Security is engaging contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and to provide commercial advantage to the Chinese Government".

In his statement, Mr Blinken said: "Responsible states do not indiscriminately compromise global network security nor knowingly harbour cyber criminals - let alone sponsor or collaborate with them."

He added: "These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cyber-security mitigation efforts, all while the MSS had them on its payroll."
