The hackers have also allegedly targeted dissidents and human rights activists in the US, China and Hong Kong, as well as hundreds of businesses in more than 10 countries, as part of a 10-year-old campaign that amassed terabytes of stolen data, John Demers, the head of the Justice Department’s National Security Division, said Tuesday.
One of the hackers, Li Xiaoyu, allegedly conducted electronic reconnaissance on at least four US-based companies that were publicly known to be working on coronavirus projects.
According to the indictment, in late January, Li scanned for vulnerabilities in the networks of Maryland and Massachusetts biotechnology firms that were researching coronavirus vaccines. The next month, he targeted a California company that had just announced it was researching antiviral drugs to treat the virus. In May, Li took aim at a California diagnostics company that was developing coronavirus testing kits.
Prosecutors did not allege that the hackers actually breached the networks or stole information from the American companies working on the coronavirus, although a senior Justice Department official noted that the searches for network weaknesses that Li is accused of doing are a standard precursor to an attempted hack.
Li and another Chinese national, Dong Jiazhi, are charged with 11 federal counts including conspiracy to commit theft of trade secrets and aggravated identity theft. The pair worked from China, where they are still believed to be located.
While the indictment does not specify if the hackers had been working at the behest of the Chinese government as they targeted the coronavirus projects, senior national security officials have been warning of Chinese government attempts to steal coronavirus research from US institutions for months.
Officials from the US, UK and Canada also said last week that Russian cyber actors were targeting organizations involved in coronavirus vaccine development.
The indictment does allege that Li and Dong worked alongside a Chinese intelligence officer from a Guangdong outpost of the country’s Ministry of State Security in other instances, including the theft of personal information of Chinese dissidents.
The hackers provided the MSS officer with email accounts and passwords belonging to a Hong Kong community organizer, the pastor of a Christian church in China, and a dissident and former Tiananmen Square protestor, the indictment alleges.
Much of the information stolen by the hackers from businesses across the globe — comprising hundreds of victims, Justice Department officials said — was also in line with the areas the Chinese government has said it wanted to advance.
The Trump administration has blasted the Chinese government for a campaign of economic espionage and intellectual property theft to achieve those goals, and in the indictment, Li and Dong are accused of stealing information regarding military satellite programs and high-powered microwave and laser systems from defense contractors, among other defense technology.
The indictment also marks the first time that the US is accusing the Chinese government of propping up the hackers as they conduct their own work unrelated to any government taskings.
“China has now taken its place alongside Russia, Iran and North Korea in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being on-call for the benefit of the state,” Demers said.