US Indicts 2 Chinese Nationals for Stealing IP & Business Secrets, Including COVID-19 Research

  /     /     /  
Publicated : 23/11/2024   Category : security


US Indicts 2 Chinese Nationals for Stealing IP & Business Secrets, Including COVID-19 Research


Pair working on behalf of themselves and Chinas Ministry of State Security, Justice Department says.



The US government today announced indictments against two Chinese nationals for allegedly stealing intellectual property and confidential information — including COVID-19-related research data — from hundreds of companies worldwide, both for financial gain and on behalf of Chinas spy agency.
In a press conference announcing the indictments Tuesday, US Justice Department officials used unusually blunt language to accuse the Chinese government of allegedly providing safe harbor for such individuals in return for helping the state. China is using cyber-enabled theft as part of a global campaign to rob, replicate and replace non-Chinese companies in the global marketplace, Assistant Attorney General John Demers
said
in a press release from the DoJ.
China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being on call to work for the benefit of the state, he said. Demers described todays indictments as the first ever the US has issued where the defendants have been charged with criminal hacking both for their own gain and on behalf of a government.
Li Xiaoyu, 34, and Dong Jiazhi, 33, are accused of hacking into computer systems belonging to companies in industries that are of strategic importance to Beijings Made in China 2025 initiative. The list includes organizations in high-tech manufacturing, pharmaceuticals, defense, medical devices, and the solar energy sectors across multiple countries, including the United States, Germany, Japan, Spain, the United Kingdom, and Australia.
Beginning in at least 2009 and continuing until today, Li and Dong are alleged to have stolen hundreds of millions of dollars worth of trade secrets and other proprietary data from these companies. The data would have given rivals valuable insight into the work going on at the victim organizations while also saving them substantial research and development costs, the DoJ said.
The data that the pair is alleged to have stolen includes military secrets, weapons design, and testing data from defense contractors, source code from software companies, research on drugs under development, and personal identity information. Recently, Li and Dong also have been attempting to steal data from organizations that are developing COVID-19 vaccines or are involved in COVID-19 testing products and treatments.
The two individuals face long prison sentences if convicted on all charges, but the chances of that ever happening are dim. The indictments of foreign state actors are part of a name-and-shame process that the United States government uses to let countries know that they are aware of this kind of activity, says Charles Ragland, security engineer at Digital Shadows. It is unlikely that many of these individuals will ever be extradited or stand trial in the United States to receive a punishment. Due to this, indictments as a deterrent are probably not very effective.
Indicting papers show that Li and Dong typically have gained initial access to a victims network by probing for and exploiting vulnerabilities in commonly used web server software, web application development suites, collaboration software, and weak or default configuration settings, the indictment noted. In at least a few cases, Li and Dong were able to exploit newly disclosed vulnerabilities before a targeted organization had an opportunity to patch the issue.
They have then used the initial access to drop difficult-to-discover web shells — with innocuous sounding names — on the compromised network for remotely executing malicious commands. One web shell the pair has used frequently is called China Chopper — a tool commonly used by other China-based hackers to remotely control multiple systems on a compromised network.
In addition to web shells, Li and Dong also have typically deployed malware for stealing credentials, which they have then used to escalate privileges and burrow themselves deeper in a victim network. Their tactic for extracting information from a network has included changing extensions and names on stolen documents and files and storing them in compressed fashion in unexpected locations, such as a computers recycle bin, the indictment said. Often, the two hackers retargeted victims from whom they had previously stolen data, but they usually were unsuccessful in these attempts.
Mounting Pressure
The latest indictments continue the US strategy of putting pressure on China by publicly identifying individuals and groups it believes are working for the government and for its Ministry of State Security. Earlier this year, the DOJ handed down similar indictments against four members of Chinas Peoples Liberation Army for their alleged role in the Equifax breach in May 2017. In May 2019, the government similarly charged a Chinese national on charges related to a 2015 breach at health insurer Anthem.
Of course, China is not the only government that the US has accused of sponsoring malicious cyber activity or of endangering national security. In recent years, the Justice Department has accused Russia, Iran, and North Korea of backing similar cyber-espionage campaigns. It has indicted numerous individuals and groups from these countries and in some cases has been able to prosecute them as well.
China has a long history of economic espionage, and these allegations are yet another example, Digital Shadows Ragland says. By stealing proprietary information, Chinese-owned companies can reduce their research and development overhead and produce competitive products for a fraction of the price.
Last year, research by security vendor CrowdStrike showed how the theft of IP and trade secrets from numerous companies around the world helped China
accelerate
development of its first domestically built commercial airplane.
Ben Read, senior manager of analysis at FireEyes Mandiant Threat Intelligence group, says the pattern the DoJ described today about Li and Dong working both for their own gain and for their government sponsors is consistent with what the company has seen. According to Read, though Li and Dongs activity is not linked to any publicly known group, Mandiant has been tracking their activities internally and has notified customers of the threat.
He says its unclear how such threat actors interact with government. We dont know the precise mechanism by which the groups interact with the government, we just see some operations resulting in financial gain and some in information that is not financially valuable, but would be of high interest to a sponsor government.
Related Content:
Chinas Military Behind 2017 Equifax Breach: DoJ
US DoJ Indicts Chinese Man for Anthem Breach
Cyber Theft, Humint Helped China Cut Corners on Passenger Jet
Cloud Threats and Priorities as We Head Into the Second Half of 2020
 
 
Register now for this years fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on
conference information
 and
to register
.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
US Indicts 2 Chinese Nationals for Stealing IP & Business Secrets, Including COVID-19 Research