The Justice Department has accused the Chinese government of running an elaborate cyberhacking operation aimed at stealing secrets from Western companies, including U.S. businesses, racing to develop a coronavirus vaccine to deal with the COVID-19 pandemic that began in China six months ago.
In charges filed this month and unsealed Tuesday, federal prosecutors accused two Chinese hackers working with the government in Beijing of stealing hundreds millions of dollars and secrets through a years-long operation that has recently targeted biotechnology companies, including one in Maryland and another in Massachusetts.
The charges were leveled in Spokane, Washington, days after American, Canadian and British officials issued a separate advisory accusing Russian hackers of similarly targeting outfits developing the vaccine. The revelation sparked bipartisan condemnation in Washington and outrage among world leaders.
The hacking operations show the stakes involved in the race to stop COVID-19, which has resulted in a global economic meltdown, frozen international travel and contributed to the deaths of at least 140,000 Americans.
Companies around the world are rushing to develop and test a vaccine and promising treatments that have the power to move global markets.
The 11-count indictment Tuesday accused Li Xiaoyu, 34, and Dong Jiazhi, 33, of conducting a global corporate hacking campaign for more than a decade. Both have worked with the Chinese government and are believed to have researched vulnerabilities in the computer networks of companies publicly known for their work on vaccines and treatments.
Beijing has previously rejected allegations of state-backed hacking operations, but the Chinese government gave no comment Tuesday. Although the indictment didn’t indicate whether hackers obtained any COVID-19 research, U.S. prosecutors left no doubt that they believe Beijing was trying to learn on the sly what leading American researchers knew.
Assistant Attorney General John Demers told reporters that China “has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cybercriminals in exchange for those criminals being ‘on call’ to work for the benefit of the state.”
He said the long and varied list of companies, rights organizations and political activists targeted over the years was a clear sign that Mr. Li and Mr. Dong were linked to the government in Beijing.
“You can see by the variety of the hacks that they did know they were being directed by the government,” Mr. Demers said at a news conference in Washington. “Extorting someone for cryptocurrency is not something that the government is usually interested in, nor are criminal hackers are not usually interested in human rights activists and clergymen.”
Hunting for vulnerabilities
The two people cited in the indictment are not in custody, and federal officials conceded that they are not likely to set foot in a U.S. courtroom. Officials said the hacking operation began more than 10 years ago and that targets included pharmaceutical, solar and medical device companies as well as political dissidents, activists and clergy in the United States, China and Hong Kong.
Prosecutors said the defendants conducted reconnaissance in January on the computer network of a Massachusetts biotech firm known to be researching a potential vaccine and searched for vulnerabilities on the network of a Maryland firm less than a week after it said it was conducting similar scientific work.
The charges are believed to be the first accusing foreign hackers of targeting scientific innovation related to the coronavirus, though Western intelligence agencies have warned for months about those efforts.
U.S. security agencies and their British and Canadian partners last week accused Russian hackers of targeting organizations developing potential coronavirus vaccines, sparking condemnation on both sides of the Atlantic and warnings to companies that their research may be at risk of theft.
Moscow denied responsibility for the cyberspying campaign, which was revealed in an advisory issued by Washington and its allies that claimed the culprits were “almost certainly” part of the Russian government.
China critics on Capitol Hill said Tuesday’s announcement was one more reason for a tougher line against Beijing. Sen. Ben Sasse, Nebraska Republican, and Sen. Chris Van Hollen, Maryland Democrat, have offered a bill to impose sanctions on people such as Mr. Li and Mr. Dong if they are convicted of stealing U.S. intellectual property.
“This indictment reveals yet again that [Chinese President Xi Jinping] leads an army of hackers that steal and attempt to steal every single day, in almost every country and industry,” Mr. Sasse said.