The U.S. Justice Department on Monday announced charges against three Chinese intelligence officers and a Chinese computer hacker in connection with an unlawful cyber campaign that pilfered trade secrets and confidential information from dozens of companies, universities and government entities in the United States and 11 other countries between 2011 and 2018.
The theft included information about sensitive technologies that was “of significant economic benefit to China’s companies and commercial sectors,” the department said, adding that the hackers targeted research institutes and universities to steal infectious-disease research on Ebola, MERS, and HIV/AIDS.
Like the closely related Ebola virus, the Marburg virus can cause massive internal bleeding, organ failure, fever, shock and delirium, and usually death. Tularemia is a potentially fatal bacterial disease found in rabbits. The U.S. Centers for Disease Control and Prevention says people could become exposed through bioterrorism.
The announcement came as the administration of President Joe Biden and its allies formally attributed a massive cyberattack on the Microsoft Exchange Server email software earlier this year to hackers tied to China’s Ministry of State Security.
“These criminal charges once again highlight that China continues to use cyber-enabled attacks to steal what other countries make, in flagrant disregard of its bilateral and multilateral commitments,” Deputy Attorney General Lisa O. Monaco said in a statement.
Prosecutors identified the three intelligence officers as Ding Xiaoyang, Cheng Qingmin, and Zhu Yunmin, saying they served in the Hainan State Security Department (HSSD), a provincial arm of China’s Ministry of State Security. The computer hacker was identified as Wu Shurong.
In an indictment unsealed Friday, prosecutors alleged that the three intelligence officers coordinated with staff and professors at various Chinese universities to carry out the campaign. The universities helped the Chinese spy agency to identify and recruit hackers and linguists, they said.
To hide the Chinese government’s role in the cyber campaign, the four defendants and other Chinese intelligence operatives established a front company, Hainan Xiandun Technology Development Co., Ltd, prosecutors said. The company has since been disbanded.
In addition to organizations in the United States, the hacking campaign targeted victims in Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and the United Kingdom, prosecutors said.
“The breadth and duration of China’s hacking campaigns, including these efforts targeting a dozen countries across sectors ranging from health care and biomedical research to aviation and defense, remind us that no country or industry is safe,” Monaco said. “Today’s international condemnation shows that the world wants fair rules, where countries invest in innovation, not theft.”
In recent years, the Justice Department has charged dozens of Chinese nationals with espionage and cyberattacks.
The Chinese government has long denied U.S. allegations that it carries out cyberattacks against the United States.
The U.S. and its Western allies accused the Ministry of State Security of using “contract hackers” to carry out a wide range of cyberattacks including ransomware attacks targeting companies in exchange for millions of dollars in ransom. They specifically blamed China for the cyberattack in March that affected tens of thousands of organizations via Microsoft Exchange servers.
“The United States and countries around the world are holding the People’s Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security,” U.S. Secretary of State Antony Blinken said in a statement.
The public attribution is likely to strain already sour relations between Washington and Beijing and comes at a time when U.S. officials continue to sound the alarm about Chinese cyber espionage activities as part of Beijing’s campaign to supplant the United States as the world’s only superpower.
An advisory released on Monday by the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency (CISA) said Chinese state-sponsored malicious cyber activity is “a major threat to U.S. and Allied cyberspace assets.”
“Chinese state-sponsored cyber actors aggressively target U.S. and allied political, economic, military, educational, and critical infrastructure (CI) personnel and organizations to steal sensitive data, critical and emerging key technologies, intellectual property, and personally identifiable information (PII),” the joint advisory said.
The U.S. views China as “a prolific and effective cyber-espionage threat” and says it “possesses substantial cyber-attack capabilities,” according to the U.S. intelligence community’s latest threat assessment released in April.