U.S. prosecutors have announced charges against two Chinese hackers on suspicion of stealing trade secrets from tech and biotech companies, including companies working on treatment, testing and a vaccine for Covid-19.
John Demers, Deputy Attorney General for National Security, took this example Tuesday at a Justice Department press conference to stress a “cheeky willingness by China to engage in theft” of intellectual property to improve its competitive advantage in key technology sectors.
Terabytes of data stolen
In a multi-year computer attack that resulted in the theft of terabytes of data, John Demers says hackers have targeted companies in 8 out of 10 technology sectors, including robotics, aviation, maritime equipment. , clean energy and biotechnology. More recently, hackers have started targeting networks of biotech companies and other companies known to develop treatments for Covid-19.
The US Department of Justice suggests in the indictment – of 11 counts – that the hackers are working both for themselves and for the benefit of the Chinese government’s Department of State Security.
“China has now taken its place, alongside Russia, Iran and North Korea, in this shameful club of nations that provide a haven for cybercriminals in return for their availability for the benefit of the State, here to feed the insatiable hunger of the Chinese Communist Party for the hard-won intellectual property of American companies, including research on Covid-19, ”accuses John Demers in a statement.
Several conspiracy charges
According to the indictment, hackers were able to gain access to corporate networks by exploiting publicly known software vulnerabilities that, in some cases, had not yet been addressed. They then used this access to install malicious shells and credential stealing software. From there, they were able to remotely execute commands on employee computers.
The hackers, identified as Li Xiaoyu and Dong Jiazhi, are charged with Conspiracy to Commit Computer Fraud, Conspiracy to Steal Trade Secrets, Conspiracy to Commit Online Fraud, No Access authorized to a computer and aggravated identity theft.
The indictment comes a week after it was revealed that state-backed Russian hackers were targeting pharmaceutical and healthcare companies, academic research centers and other organizations involved in the development of vaccines against the coronavirus. The warning came from a notice issued by the UK’s National Cyber Security Center, with support from the US National Security Agency and Canadian security services.
Source : ZDNet.com