Friday, Jun 18

US charges two Chinese hackers in data-theft campaign

Two hackers acted in association with the Chinese government to steal data from US, could face up to 27 years in prison.
21.12.2018 - 11:02

The US Justice Department charged two Chinese nationals on Thursday for being suspected of working on behalf of the Chinese government in a decade-long campaign to steal the intellectual property of America and other countries.

The charges were filed as a larger campaign by the US to curb efforts by the Chinese to steal American trade secrets.


Zhu Hua and Zhang Shilong had a part of the Advanced Persistent Threat 10 (APT10 Group), a hacking group working out of China, and also acted in association with China's Ministry of State Security, the country's intelligence agency. "It is unacceptable that we continue to uncover cybercrime committed by China against America and other nations," Deputy Attorney General Rod Rosenstein said at a news conference.

The two hackers were each charged with one count of conspiracy to commit computer intrusions, one count of conspiracy to commit wire fraud, and one count of aggravated identity theft. They could face up to 27 years in prison. Zhu and Zhang had been working for the APT10 Group from 2006 up until 2018, where they helped target manage service providers (MSPs), which store and manage the intellectual property and data of businesses and governments around the world.


The hacking group gained access to computers in the US, Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates and the United Kingdom. Zhu and Zhang had also registered IT infrastructure that the APT10 Group used to engage in illegal hacking operations.

"This is outright cheating and theft, and it gives China an unfair advantage at the expense of law-abiding businesses and countries that follow the international rules in return for the privilege of participating in the global economic system," Rosenstein said in a statement.

During their campaign, the APT10 Group gained unauthorized access to the computers of over 45 technology companies and U.S. government agencies in at least 12 states, including California, Florida, New York, Texas and Virginia. They then stole hundreds of gigabytes of sensitive data and information from the including from companies and agencies across different sectors, including the NASA Goddard Space Center and Jet Propulsion Laboratory.