Aviation, Defense, Health Care Targeted in Global Chinese Spying, Hacking Scheme
Federal prosecutors in San Diego announced charges Monday against four Chinese nationals accused of hacking computer systems across the globe to steal information to benefit the Chinese government.
The defendants allegedly belonged to and worked for the Hainan State Security Department. The indictment described the agency as a provincial foreign intelligence arm of the People’s Republic of China’s Ministry of State Security.
According to prosecutors, the alleged thefts occurred between 2011 and 2018, involved victims in a dozen countries, and mainly centered “on information that was of significant economic benefit to China’s companies and commercial sectors.”
Authorities allege the goal was to install malware and other hacking tools in computer systems in order to steal data from foreign governments, universities and companies.
The hacks targeted a wide range of industries, including aviation, defense, health care and infectious disease research, prosecutors said.
“This indictment alleges a worldwide hacking and economic espionage campaign led by the government of China,” said Acting U.S. Attorney Randy Grossman. “The defendants include foreign intelligence officials who orchestrated the alleged offenses, and the indictment demonstrates how China’s government made a deliberate choice to cheat and steal instead of innovate.”
The Hainan State Security Department, or HSSD, operated through a front company called Hainan Xiandun Technology, which was publicly marketed as “a fast-growing high-tech information security company,” according to the two-count indictment returned by a grand jury in May and unsealed last week.
According to the indictment, to gain initial access to victim networks, conspirators sent fraudulent phishing emails that were buttressed by fictitious online profiles and contained links to doppelgänger domain names, which were created to mimic or resemble the domains of legitimate companies.
In some instances, they allegedly used hijacked credentials, and the access they…