Chinese hackers in association with China's intelligence services have been hacking into data networks and stealing data and sensitive information from dozens of companies and U.S. government agencies dating back to 2006 and continuing into 2018 in violation of a 2015 accord between the U.S. and China in which the countries agreed not to support the cyber theft of intellectual property, the Department of Justice said on Thursday.
The cyber thefts include data and intellectual property from U.S. companies involved in aviation, space and satellite industries, and from the U.S. Navy and other government agencies.
Two Chinese hackers, who work for a group known as Advanced Persistent Threat (APT)-10 and are linked to the Ministry of State Security, have been targeting and compromising data held by managed service and cloud providers for companies in a dozen countries and in turn providing "sensitive business information that gives competitors and unfair advantage," Deputy Attorney General Rod Rosenstein said.
Deputy U.S. Attorney General Rod Rosenstein. Photo: Dept. of Justice
A DoJ statement outlining charges against the Chinese individuals says they hacked one service provider that manages data and intellectual property for companies and governments globally, over 45 technology companies in at least 12 U.S. states, and U.S. agencies.
The APT10 hacking group cast a wide net to pursue sensitive information from U.S. industries.
Targeted industries and technologies included aviation, satellite and maritime technology, industrial factory automation, automotive supplies, laboratory instruments, banking and finance, telecommunications and consumer electronics, computer processor technology, information technology services, packaging, consulting, medical equipment, healthcare, biotechnology, pharmaceutical manufacturing, mining, and oil and gas exploration and production, the DoJ says.
The Justice Department statement outlines two hacking campaigns, one it calls the Technology Theft Campaign and the other the MSP Theft Campaign, with MSP standing for managed service provider.
The Technology Theft Campaign began around 2006 and resulted in the theft of "hundreds of gigabytes of sensitive data and information from the victims' computer systems," from more than 45 U.S. companies, including seven involved in aviation, space and/or satellite technology, the U.S. Navy, NASA's Goddard Space Center and Jet Propulsion Laboratory, and the Department of Energy's Lawrence Berkeley National Laboratory, the DoJ says.
More than 40 computers were hacked to obtain the Navy data, which includes names, Social Security numbers, birth dates, salary information, personal phone numbers, and email addresses of more than 100,000 personnel, DoJ says.
Computers of more than 25 other technology related companies, including those involved with radar technology, information technology services and computer processors, were successfully accessed, the department says.
The names of the companies that were hacked and had data stolen were not disclosed.
In 2015 then U.S. President Obama and his Chinese counterpart, Xi Jingping reached a deal that prohibits either countries' government from conducting or supporting "cyber-theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors."
Rosenstein highlighted that in the past several months the Justice Department in three cases has charged individuals with stealing data "at the behest of the Chinese Ministry of State Security," which is part of the country's intelligence services.
"In 2015, China promised to stop stealing trade secrets and other confidential business information through computer hacking ‘with the intent of providing competitive advantages to companies or commercial sectors,'" Rosenstein said. "The activity alleged in this indictment violates the commitment that China made to members of the international community."
The DoJ's allegations drew bipartisan condemnation of China's actions.
"President Xi and his lackeys at the Ministry of State Security must understand that they will be held to account for undermining the rules-based international order," Rep. Jim Langevin (D-R.I.), a member of the House Armed Services and Homeland Security Committees, said in a statement. Rep. Will Hurd (R-Texas), who chairs the House Information Technology Subcommittee and is on the Homeland Security and Intelligence Committees, stated,"we are in a hot war with China, and cyber space is the battle space," and added that, "There must be consequences for digital attacks that compromise our national security."
The cyber security company FireEye [FEYE] also issued a statement, saying it has tracked APT10 for years and noted it "is one of the most prolific cyber espionage groups." The company said the group has targeted a number of sectors, including aerospace and the military, telecommunications, high-technology, and government agencies.
"Their move toward compromising managed service providers showcases the danger of supply chain compromises and reflects their continuously evolving tactics," FireEye said. "APT10 is a well-resourced and a global threat."
A joint statement by Secretary of State Michael Pompeo and Homeland Security Secretary Kirstjen Nielsen pointed out that in addition to the Obama-Xi accord China has made the same commitments to major industrialized nations.
"Stability in cyberspace cannot be achieved if countries engage in irresponsible behavior that undermines the national security and economic prosperity of other countries," adding that China's actions threaten "economic competitiveness of companies in the United States and around the globe."
The MSP Theft Campaign involved gaining access to the computers of an MSP to remotely monitor computers and steal user credentials and from there connecting to clients' networks. Eventually, data from the MSP's customers in the financial, telecommunications, consumer electronics, manufacturing, healthcare, biotechnology, mining, automotive supply and drilling sectors was stolen, the DoJ says. Victim companies were located in 12 countries, including the U.S.
s, including the U.S.