Two Chinese nationals have been indicted for seeking to steal COVID-19 vaccine research and hacking hundreds of companies in the United States and abroad, the US Justice Department said Tuesday.
Li Xiaoyu, 34, and Dong Jiazhi, 33, also targeted human rights activists in the United States, China and Hong Kong, Assistant Attorney General John Demers said.
Li and Dong, who are believed to be in China, acted in some instances “for their own personal gain” and in others for the benefit of China’s Ministry of State Security, Demers said at a press conference.
“China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals,” Demers said.
The Justice Department said Li and Dong, who were classmates at an electrical engineering college in Chengdu, have been engaged in a hacking campaign for the past 10 years.
They have targeted companies in the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom, it said.
“Targeted industries included, among others, high tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; defense,” it said.
“More recently, the defendants probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments,” it said.
Justice Department officials said that Li and Dong targeted biotech companies in California, Maryland and Massachusetts but did not appear to have actually compromised any COVID-19 research.
The Justice Department said the hackers also targeted “non-governmental organizations, and individual dissidents, clergy, and democratic and human rights activists in the United States and abroad, including Hong Kong and China.”
According to the indictment, they supplied the Ministry of State Security with passwords for personal email accounts belonging to Chinese dissidents, a Hong Kong community organizer, the pastor of a Christian church in Xi’an and a former Tiananmen Square protestor.
Among the material allegedly stolen were emails between a dissident and the Dalai Lama’s office.
They were accused of stealing source code from software companies, information about drugs under development from pharmaceutical firms and weapons designs and testing data from defense contractors.
Targeted foreign companies were not identified by name.
But according to the indictment they included a Dutch electronics firm, a Swedish online gaming company, a Lithuanian gaming company, a German software engineering firm, a Belgian engineering software company, an Australian defense contractor, a South Korean shipbuilding firm, a Spanish electronics and defense firm and a British artificial intelligence and cancer research company.
Li and Dong allegedly stole information from defense contractors regarding military satellite programs, military wireless networks and communications systems and microwave and laser systems.
The indictment was returned by a grand jury in the Eastern District of Washington state on July 7 but was only unsealed on Tuesday.
Li and Dong were charged with conspiracy to commit computer fraud, conspiracy to commit theft of trade secrets, wire fraud, unauthorized access of a computer and identity theft.
China accused the United States last month of smearing Beijing following allegations that Chinese hackers were attempting to steal coronavirus research.
The claims have added fuel to tensions between the global superpowers, which have traded barbs over the origin of the pandemic that has killed more than 600,000 people since it emerged in China late last year.
“China expresses strong dissatisfaction and firm opposition to such smearing,” foreign ministry spokesman Zhao Lijian said.
“Judging from past records, the US has carried out the largest cybertheft operations worldwide,” Zhao said.