US DoJ indicts Chinese hackers over state-sponsored cyber espionage

The US Department of Justice charged two Chinese hackers for hacking numerous companies and government agencies in a dozen countries, US Indicts Two Chinese Government Hackers Over Global Hacking Campaign.

including Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, the United Kingdom, and the United States.

The two Chinese hackers, Zhu Hua (aka Afwar, CVNX, Alayos and Godkiller) and Zhang Shilong (aka Baobeilong, Zhang Jianguo and Atreexp), are associated with the China-linked the APT group tracked as APT10 (aka Menupass, and Stone Panda).

“The unsealing of an indictment charging Zhu Hua (朱华), aka Afwar, aka CVNX, aka Alayos, aka Godkiller; and Zhang Shilong (张士龙), aka Baobeilong, aka Zhang Jianguo, aka Atreexp, both nationals of the People’s Republic of China (China), with conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated identity theft was announced today. ” reads the press release published by the DoJ.

“Zhu and Zhang were members of a hacking group operating in China known within the cyber security community as Advanced Persistent Threat 10 (the APT10 Group).”

Experts noticed the group since around mid-2016 when it was using PlugX, ChChes, Quasar and RedLeaves malware in targeted attacks.

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper, targeting managed service providers (MSPs) in multiple countries worldwide.

In July 2018, FireEye observed a series of new attacks of the group leveraging spear-phishing emails using weaponized Word documents that attempt to deliver the UPPERCUT backdoor, also tracked as ANEL.

The APT10 group is focused on cyber espionage aimed at stealing business and technology secrets from companies and government agencies around the world.
According to the indictment, the alleged hackers targeted more than 45 companies and government agencies from 2006 to 2018 and stole “hundreds of gigabytes” of sensitive data and personal information from its targets.

Both defendants worked for a company in China named Huaying Haitai Science and Technology Development Company (Huaying Haitai) and acted under the direction of Tianjin State Security Bureau, a department of China’s Ministry of State Security.

The APT10 Group stole hundreds of gigabytes of sensitive data and information from the victims’ computer systems. The list of victims includes at least the following organizations: seven companies involved in aviation, space and/or satellite technology; three companies involved in communications technology; three companies involved in manufacturing advanced electronic systems and/or laboratory analytical instruments; a company involved in maritime technology; a company involved in oil and gas drilling, production, and processing; and the NASA Goddard Space Center and Jet Propulsion Laboratory. 

The two Chinese hackers and their co-conspirators also obtained unauthorized access to computers belonging to more than 25 other technology-related companies involved in industrial factory automation, radar technology, oil exploration, information technology services, pharmaceutical manufacturing, and computer processor technology, as well as the U.S. Department of Energy’s Lawrence Berkeley National Laboratory.

“Finally, the APT10 Group compromised more than 40 computers in order to steal sensitive data belonging to the Navy, including the names, Social Security numbers, dates of birth, salary information, personal phone numbers, and email addresses of more than 100,000 Navy personnel.” continues the DoJ’s Press release.

The Chinese hackers are accused of targeting and compromising Managed Service Providers to steal sensitive business information from their customers.

At the end of October, the DoJ charged 10 Chinese hackers also associated with the APT10 cyber espionage group.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs –APT10, Chinese hackers)

[adrotate banner=”5″] [adrotate banner=”13″]