US accuses two Chinese hackers of global hacking campaign, targeting coronavirus vaccine research


Two men conspired with Chinese intelligence agencies to steal data from a range of U.S. targets in the medical and defense sectors, including an effort to breach firms working on a potential vaccine for the coronavirus, U.S. Department of Justice officials said Tuesday.

The suspects, Li Xiaoyu and Dong Jiazhi, stole terabytes of information from computers around the world while based in China, according to an indictment unsealed Tuesday. The espionage campaign predates the COVID-19 pandemic, officials said. For more than a decade, the pair allegedly targeted health care firms, pharmaceutical companies, U.S. universities, maritime engineering firms, biotechnology innovation centers and a range of other targets.

The suspects worked with the Chinese Ministry of State Security, said Assistant Attorney General John Demers, though they also hacked for personal profit. Attackers also targeted Chinese dissidents and human rights activists in the U.S., according to the indictment. The scheme began no later than September 2009 and continued into July.

The charges represent an evolution in the Justice Department’s allegations against Chinese hackers. It’s the first time the U.S. has accused the ruling Communist Party of sheltering cybercriminals in exchange for their cooperation with intelligence agencies. China “is willing to turn a blind eye toward criminal hackers operating within its borders,” Demers said.

U.S. prosecutors previously have accused governments in North Korea, Russia and Iran of safeguarding criminal hackers.

“China has now taken its place…in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist Party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” Demers said.

China has consistently denied allegations of state-sponsored cyber-espionage. Both suspects remain in China, outside U.S. jurisdiction, officials said.

Much of the hacking activity outlined in the indictment appears to align with Chinese national interests, including attempted hacks on defense companies and institutions working on issues such as high-speed rail. However, the hackers also are accused of trying to steal data from video game companies, including the theft of gigabytes of information from gaming companies in Sweden and Lithuania.

Tuesday’s announcement comes after U.S. government officials repeatedly have stated that foreign hackers have sought to steal research into the coronavirus and COVID-19 vaccine trials from American medical organizations. The U.S., U.K. and Canada on July 16 accused Russian state-sponsored hackers of trying to steal coronavirus research from government, diplomatic, think-tank and health care targets.

In this case, attackers allegedly focused on a Maryland biotechnology firm which previously announced it was conducting research toward a coronavirus vaccine. Another firm, based in Massachusetts, also was targeted as part of this campaign.

“We are concerned that hacking and even attempted hacking could slow down that research,” Demers said.

The publication of the indictment is an implicit acknowledgement from the Justice Department that the suspects are unlikely to be apprehended by U.S. law enforcement in the immediate future. John Demers, assistant attorney general for national security, told CyberScoop in February that, if prosecutors believe an arrest is likely to occur “within a reasonable time frame,” the government will keep charges sealed.

The indictment is available in full below.