US Slams China for Corporate Cyber Espionage, Indicts Two Spies

Reuters
Updated:

WASHINGTON—U.S. prosecutors unsealed an indictment on Dec. 20 that charged two Chinese nationals with computer hacking attacks on a wide range of American government agencies and corporations including the Navy and the space agency NASA, according to a court filing.

The two, identified as Zhu Hua and Zhang Jianguo, worked in China to hack into computers to steal intellectual property and confidential business and technological data, according to the indictment. U.S. authorities said the two worked in association with China’s Ministry of State Security.

The United States and about a dozen allies were set on Thursday to condemn China for efforts to steal other countries’ trade secrets and technologies and to compromise government computers, according to a person familiar with the matter.

Australia, Britain, Canada, Japan, the Netherlands, New Zealand and Sweden are expected to be involved in the U.S. effort, according to the source, who spoke on condition of anonymity.

The U.S. indictment said hacking targets included the U.S. Navy, the National Aeronautics and Space Administration and companies involved aviation, space and satellite technology.

“China’s goal, simply put, is to replace the U.S. as the world’s leading superpower and they’re using illegal methods to get there,” FBI Director Chris Wray said at a news conference.

A poster displayed during a news conference at the Department of Justice in Washington, Dec. 20, 2018. (AP/Manuel Balce Ceneta)
A poster displayed during a news conference at the Department of Justice in Washington, Dec. 20, 2018. AP/Manuel Balce Ceneta

The companies targeted by China were a “who’s who” of American businesses, Wray said.

The Justice Department accused China of breaking a 2015 pact to curb cyber espionage for corporate purposes. Britain also said it would hold the Chinese government responsible for the global hacking campaign targeting commercial secrets in Europe, Asia and the United States.

The hacking effort is considered a major cyber threat by private-sector cybersecurity researchers and government investigators because of the scale of the intrusions.

The hackers were charged with spying on some of the world’s largest companies by hacking into technology firms to which they outsource email, storage and other computing tasks.

Over the past several years, as companies around the globe have sought to cut down information technology spending, they have increasingly relied on outside contractors to store and transfer their data.

When a managed service provider is hacked, it can unintentionally provide attackers access to secondary victims who are customers of that company and have their computer systems connected to them, according to experts.

The British government said in a statement the hacking was conducted by a group known as APT 10, which was acting on behalf of China’s Ministry of State Security.

“This campaign shows that elements of the Chinese government are not upholding the commitments China made directly to the UK in a 2015 bilateral agreement,” the British statement said.

By Diane Bartz & Christopher Bing