Chinese hackers charged with stealing data from NASA, IBM, and others
The Department of Justice (DOJ) has charged two Chinese nationals with being part of a decade-long, government-sponsored global hacking campaign that included the alleged theft of information from 45 US tech companies and government agencies, including NASA’s Jet Propulsion Laboratory and Goddard Space Flight Center.
The charges, announced by the US government on Thursday, come at a time of high tension between the US and China. In the middle of a detente in the trade war between the two countries, the US recently coordinated with Canada to detain an executive of one of China’s biggest companies. The Chinese government has responded with detentions of its own while demanding the executive’s release. The indictment is also just the latest in a long line of accusations that the Chinese government has sponsored the theft of American technology.
“As evidenced by this investigation, the threats we face have never been more severe, or more pervasive, or more potentially damaging to our national security, and no country poses a broader, more severe long-term threat to our nation’s economy and cyber infrastructure than China,” FBI Director Christopher Wray said during a press conference Thursday. “China’s goal, simply put, is to replace the US as the world’s leading superpower, and they’re using illegal methods to get there.”
Zhu Hua and Zhang Shilong were part of a Chinese hacking group known in the cybersecurity community as Advanced Persistent Threat 10, or APT10, according to the indictment. The alleged hackers went by a number of different aliases, including “Godkiller,” and the hacking operation was sometimes known by other names, including “Red Apollo,” “Stone Panda,” and “POTASSIUM,” according to the charging document.
Starting around 2006 and running through this year, APT10 used an evolving set of techniques to break down network defenses, select victims, and access sensitive information, according to the DOJ. The group relied heavily on spear phishing attacks to place malware on victims’ computers. The attackers sent messages from seemingly legitimate email addresses with attached documents loaded with malicious code, and named the documents so that they looked relevant to the targeted company. (The DOJ describes one scenario in which employees of an unnamed victim company involved in helicopter manufacturing were sent an email with the subject line “C17 Antenna problems” and a malicious Microsoft Word document named “12-204 Side Load Testing.doc.”)
The malware gave the hackers remote access to the infected computers and also allowed them to log employees’ keystrokes, capturing usernames and passwords. Over the course of the hacking campaign, the group accessed at least 90 computers and stole hundreds of gigabytes of data, according to the charging document. The affected systems included computers at seven companies involved in aviation, space, and satellite technology, three communications companies, a US Department of Energy National Laboratory, as well as NASA’s Goddard Space Flight Center and its Jet Propulsion Laboratory. The DOJ did not describe the specific nature of the documents that were stolen, and it is unclear whether the indictment is related to the internal memo that NASA circulated about a potential hack involving “Personally Identifiable Information.”