The Justice Department on Monday accused three Chinese state security officials of coordinating a vast hacking campaign to steal sensitive and secret information from government entities, universities and corporations around the world, including research related to autonomous vehicles, genetic-sequencing technology and infectious diseases like the Ebola virus.
The announcement came as the White House formally accused the Chinese government of breaching Microsoft email systems and paying criminal groups to extort companies for millions of dollars in ransomware attacks, showing that the Biden administration was determined to aggressively confront Beijing.
In an indictment that had been sealed since May, the Justice Department accused officers in a provincial foreign intelligence bureau, the Hainan Province Ministry of State Security, of creating a sham information security company that they used as a front for a sprawling hacking operation.
The officers, Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin, used the front company to manage a group of computer hackers and linguists who hacked into computer systems around the world to benefit China and hide Beijing’s role in the thefts, according to the indictment. One of the hackers, Wu Shurong, was accused of creating malware that was used to break into foreign computer systems.
From 2011 to 2018, the Chinese intelligence officers targeted companies, universities and government agencies in the United States, Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and the United Kingdom, according to court documents. The allegations underscore China’s willingness to flagrantly disregard a 2015 agreement with the United States to refrain from computer-enabled theft of information for commercial gain.
“The breadth and duration of China’s hacking campaigns, including these efforts targeting a dozen countries across sectors ranging from health care and biomedical research to aviation and defense, remind us that no country or industry is safe,” Deputy Attorney General Lisa O. Monaco said in a statement.
Staff and professors at Chinese universities aided the operation by identifying and recruiting hackers and linguists, according to the indictment. Personnel at one university ran the company’s payroll and benefits.
The intelligence officers are accused of targeting aviation, defense, education, government, health care, biopharmaceutical and maritime industries.
Some of the thefts were identified in charges brought during the Trump administration against hackers associated with China’s main intelligence service.
While it is unlikely that all of the defendants will be tried in a U.S. court, national security officials have long said that it is important to publicly charge Chinese officials with wrongdoing as part of a broader effort to hold Beijing to account.