The U.S. Department of Justice brought forth charges on Thursday against two Chinese citizens for a massive hacking operation that affected governments and businesses around the world, including the U.S. Navy.
Deputy Attorney General Rod Rosenstein made the announcement against Zhu Hua and Zhang Shilong, who engaged in a hacking operation spanning more than a decade, stealing sensitive data from both government and private entities, according to a DOJ statement.
The two will face charges of “conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated identity theft.”
Watch Rosenstein’s announcement below:
Zhu and Zhang collaborated with hacking group “Advanced Persistent Threat 10” (APT10), for various intrusion operations beginning in 2006. Then, they hacked their way into the computer systems at 45 different government agencies and tech companies in 12 U.S. states to steal “hundreds of gigabytes of sensitive data.”
In 2014, the collaboration took their efforts to a global level when they hacked governments and companies all over the world to steal intellectual property and other sensitive business data. Victims of the hack included the Southern District of New York, as well as the U.S. Navy, among many others.
“The APT10 Group compromised more than 40 computers in order to steal sensitive data belonging to the Navy, including the names, Social Security numbers, dates of birth, salary information, personal phone numbers, and email addresses of more than 100,000 Navy personnel,” the statement said.
The perpetrators “successfully obtained unauthorized access to computers providing services to or belonging to victim companies located in at least 12 countries, including Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, the United Kingdom, and the United States,” according to the DOJ.
“The victim companies included at least the following: a global financial institution, three telecommunications and/or consumer electronics companies; three companies involved in commercial or industrial manufacturing; two consulting companies; a healthcare company; a biotechnology company; a mining company; an automotive supplier company; and a drilling company.”
Department of Justice indicts 2 Chinese men accused of being hacker group APT10, who allegedly worked with China’s Ministry of State Security to hack 45 US companies, stealing trade secrets by using spear phishing to install malware
— Ivan Watson (@IvanCNN) December 20, 2018
The conspiracy to commit wire fraud charge carries the largest maximum sentence of up to 20 years imprisonment, while the other charges range from two to five years maximum.
“The indictment alleges that the defendants were part of a group that hacked computers in at least a dozen countries and gave China’s intelligence service access to sensitive business information,” said Rosenstein. “This is outright cheating and theft, and it gives China an unfair advantage at the expense of law-abiding businesses and countries that follow the international rules in return for the privilege of participating in the global economic system.”
“It is galling that American companies and government agencies spent years of research and countless dollars to develop their intellectual property, while the defendants simply stole it and got it for free” said U.S. Attorney Geoffrey Berman. “As a nation, we cannot, and will not, allow such brazen thievery to go unchecked.”
“Healthy competition is good for the global economy, but criminal conduct is not. This is conduct that hurts American businesses, American jobs, and American consumers,” said FBI Director Christopher Wray. “No country should be able to flout the rule of law – so we’re going to keep calling out this behavior for what it is: illegal, unethical, and unfair. It’s going to take all of us working together to protect our economic security and our way of life, because the American people deserve no less.”
“The theft of sensitive defense technology and cyber intrusions are major national security concerns,” said DCIS Director Dermot O’Reilly.
