State-Backed Chinese Hackers Indicted for Trying to Steal COVID-19 Research

July 21, 2020 Updated: July 22, 2020

Two Chinese hackers have been indicted for stealing millions of dollars worth of trade secrets and other sensitive information from businesses and government agencies, and attempting to steal COVID-19 research, the Justice Department (DOJ) announced on July 21.

The department unsealed an 11-count indictment against Li Xiaoyu, 34, and Dong Jiazhi, 33, on July 21, alleging that the pair hacked into computer systems of hundreds of victims, including companies, government and nongovernmental organizations, individual dissidents, and human rights activists in the United States and around the world in a decade-long campaign.

Li and Dong, both trained in computer applications technologies, didn’t hack solely for personal benefit, prosecutors alleged. The pair also worked with and were assisted by the Chinese Communist Party’s Ministry of State Security (MSS)—the regime’s chief intelligence agency.

Theft Scheme

The companies Li and Dong targeted were engaged in high-tech manufacturing and other industries such as defense, pharmaceuticals, medical devices, and civil and industrial engineering. The firms were spread across the globe, including in the United States, Australia, Belgium, Germany, and Japan. More recently, the pair had been looking for vulnerabilities in the networks of biotech companies that were known for their COVID-19 related research, prosecutors alleged.

DOJ officials also said the two hackers had on one occasion attempted to extort a victim from whom they had stolen valuable source code. They threatened to publish the code on the internet—hence destroying the value of the code—unless the victim paid them a ransom.

“These intrusions are yet another example of China’s brazen willingness to engage in theft through computer intrusions, contrary to their international commitments, such as their 2015 understanding with the United States and similar understandings with other countries not to conduct or knowingly support cyber-enabled theft of intellectual property,” U.S. Assistant Attorney General for National Security John C. Demers said during a July 21 press conference announcing the indictments.

Demers said the industries targeted by the hackers coincided with industries outlined in Beijing’s Made in China 2025 plan. Rolled out in 2015, the economic blueprint aims to turn China into a global competitor in 10 tech sectors by 2025.

By stealing information from companies in high-tech industries and replicating the technology, Chinese companies can eventually “edge out” their non-Chinese competitors, Demers said, citing the indictment.

He said in one example, the hackers stole gigabytes of data from a Maryland technology and manufacturing firm that would have revealed to competitors the types of products the company was planning to bring to the market. The same data would have also allowed competitors to save on research and development costs, as well as time, thus giving the competitors an advantage in the global marketplace.

In another example, the hackers stole presentations, project files, drawings, and other documents relating to projects for the U.S. Air Force and FBI from a Virginia federal and defense contractor, the indictment alleges.

“China’s anti-competitive behavior in flagrant disregard for their promises not to engage in cyber-enabled intellectual property theft is not just a domestic issue—it is a global issue,” Demers said.

He added that the indictment also highlights how the Chinese regime is willing to turn a blind eye to prolific criminal hacking operations within its borders, citing some of Li and Dong’s alleged criminal activities that were conducted for personal profit.

“China has now taken its place alongside Russia, Iran, and North Korea, in that shameful club of nations that provide a safe haven for cybercriminals, in exchange for those criminals being on call for the benefit of the state,” he said.

FBI Deputy Director David Bowdich echoed Demers’s remarks, saying that the charges were brought with the intention of putting the Chinese officials directing the cyberattacks on notice.

“There are serious consequences and risks for stealing our technology and our intellectual property,” Bowdich said.

He also urged nations partnering with the Chinese regime in economic development projects to reconsider their alliances with the communist nation due to its lack of regard for international law. He noted that the regime has engaged in a pattern of underhanded tactics such as using its economic influence to pressure countries not to expose or challenge its illegal actions such as hacking of companies, laboratories, or governmental organizations.

“This type of economic coercion is not what we expect from a trusted world leader. It is what we expect from an organized criminal syndicate,” Bowdich said.

Li and Dong have also been accused of targeting individuals of interest to the Chinese regime, such as dissidents, clergy, and democratic and human rights activists in the United States, Hong Kong, and mainland China. For example, the pair provided the MSS with email accounts and passwords belonging to a Hong Kong community organizer; the pastor of a Christian church in Xi’an city, China; and a dissident and former Tiananmen Square protester, the indictment said.

They also stole email content from a pastor belonging to a house Christian church in Chengdu city, who was later arrested by local authorities.

The two men have each been indicted on a series of charges including conspiracy to commit wire fraud (which carries a maximum sentence of 20 years in prison), conspiracy to commit theft of trade secrets (maximum 10 years in prison), and conspiracy to commit computer fraud (maximum five years).

Reactions

Responding to the indictment, several lawmakers applauded the department’s efforts to protect American research from the Chinese regime.

“For months, I’ve been warning about Communist China’s attempts to steal or sabotage American vaccine efforts, and today’s announcement demonstrates the reality of this threat,” Sen. Rick Scott (R-Fla.) said in a statement.

“Communist China’s lies and misinformation led to the spread of the coronavirus, and now they want to inhibit our recovery.”

Scott had previously introduced a bill—the COVID-19 Vaccine Protection Act—proposing to vet current Chinese student visa holders who are involved in vaccine research, as a measure to prevent the Chinese regime from stealing or sabotaging the research.

Similarly, Sen. Ben Sasse (R-Neb.) said that indictments such as the one unsealed on July 21 are an “important way to focus attention on an urgent problem.”

“We need to be using more of the tools at our disposal to fight back against this communist aggression,” Sasse said in a statement.

The announcement comes amid the Trump administration’s ongoing efforts to counter the Chinese Communist Party’s (CCP) counterintelligence and economic espionage operations. The DOJ launched the “China Initiative” in 2018 with the aim of countering threats posed by Chinese espionage and other forms of China’s infiltration in the United States.

In a speech earlier this month, FBI Director Christopher Wray said the regime’s theft of U.S. technology and trade secrets is on a scale “so massive that it represents one of the largest transfers of wealth in human history.” Wray said the regime employs a wide range of techniques—from cyber hacking to acquisitions of foreign companies to physical theft—and involves a full breadth of actors, spanning intelligence services, private firms, graduate students, and researchers in order to steal U.S. intellectual property.

He said the CCP is also engaged in campaigns to influence U.S. officials at each level of government, persuading them to take policy positions in line with those of the regime, such as on Taiwan, Hong Kong, and Beijing’s handling of the pandemic.

Attorney General William Barr also made similar comments on July 16, warning corporate America against “kowtowing” to the CCP. He said Hollywood and many U.S. technology companies have allowed themselves “to become pawns of Chinese influence.”

Cathy He contributed to this report.

Follow Janita on Twitter: @janitakan