Federal prosecutors are expected to unveil criminal charges as soon as next week against hackers linked to Chinese intelligence for allegedly stealing data from U.S. companies, according to people familiar with the matter.
A senior U.S. intelligence official described the Chinese operation, known as “Cloudhopper,” as one of the most expansive and successful hacking schemes ever recorded. The pending charges were first described in a story by the Wall Street Journal on Dec. 7.
The breaches by hackers associated with China’s Ministry of State Security have allowed China to gather large quantities of data on a wide range of American businesses, according to two U.S. officials who spoke on condition of anonymity because they were not authorized to discuss the investigations.
Cloudhopper focuses on hacking large third-party data storage companies and cloud software service companies that store data for U.S. companies and government agencies.
Cyberattacks connected to Cloudhopper began at least as early as 2017, according to a report from British multinational defense contractor BAE Systems, which has an internal cybersecurity research unit that publishes some of its findings for marketing purposes.
The Justice Department and the National Security Agency did not immediately respond to a request for comment. The Chinese embassy in the United States did not immediately respond to a request for comment.
The charges may be followed by sanctions and other punitive measures, according to one of the U.S. officials. The official did not say exactly who might come under sanction.
Cloudhopper is considered a major cyberthreat by private-sector cybersecurity researchers and government investigators because of the scale of the intrusions.
Over the last several years, as companies around the globe have sought to cut down information technology spending, they have increasingly relied on outside contractors to store and transfer their data.
When a managed service provider is hacked, it can unintentionally give the attackers access to secondary victims: customers of that provider whose computer systems are connected to it, experts say.
“It’s a large-scale concern because of how broad it is and how pervasive this access is,” said Rob Joyce, a senior adviser to the National Security Agency. “What we’ve watched is after they’ve gotten into managed service providers, it’s our belief that they haven’t been completely pushed out.”
“That is strategic high ground,” Joyce said in an interview in October.