US and allies: New hacks mean China broke 2015 economic espionage pact
Enlarge / Well, that whole thing clearly worked out well, didn't it? (credit: JASON LEE/AFP/Getty Images)
In a press conference this morning, Deputy Attorney General Rod Rosenstein and FBI Director Christopher Wray announced indictments of two Chinese men connected with China's Ministry of State Security and the hacking group known as APT 10. The two are accused of being responsible for a recent wave of attacks on managed service providers (MSPs) that ultimately targeted both companies and government agencies in 12 countries, including the US. The two are also accused of stealing the Social Security numbers and other personal data of more than 100,000 Navy service members.
Zhu Hua (aea, also known by the hacker names Afwar, CVNX, Alayos, and Godkiller) and Zhang Shilong (a1/4ae3/4TM, AKA Baobeilong, Zhang Jianguo, and Atreexp) were charged with conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated identity theft. Both worked for Huaying Haitai Science and Technology Development Company, and are alleged to have acted at the direction of the Chinese Ministry of State Security's Tianjin State Security Bureau. From as far back as 2006 up until this year, Zhu and Zhang targeted and hacked into MSPs seeking intellectual property and confidential business and technological information of more than 45 technology companies in the US alone, as well as U.S. government agencies.
"The APT10 Group targeted a diverse array of commercial activity, industries and technologies, including aviation, satellite and maritime technology, industrial factory, automotive supplies, laboratory instruments, banking and finance, telecommunications and consumer electronics, computer processor technology, information technology services, packaging, consulting, medical equipment, healthcare, biotechnology, pharmaceutical manufacturing, mining, and oil and gas exploration and production," a Justice Department spokesperson said after the briefing. Zhu and Zhang's participation included registering domains and accounts used by the APT10 Group to stage command and control infrastructure and use in attacks on the MSPs.
Read 6 remaining paragraphs | Comments