22 July 2020

US authorities charge two Chinese nationals for a global hacking operation that targeted COVID-19 research

The U.S. Justice Department has charged two Chinese nationals over their role in a decade-long cyber espionage campaign that targeted hundreds of victims across the globe, including governments, defense contractors, COVID-19 researchers, non-governmental organizations and human rights activists.

According to the 11-count indictment, the accused, Li Xiaoyu and Dong Jiazhi, operated both for their own profit and for China's main intelligence service, the Ministry of State Security. The decade-long cyber espionage campaign was aimed at companies in countries with high-technology industries, including the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom.

“In at least one instance, the hackers sought to extort cryptocurrency from a victim entity, by threatening to release the victim’s stolen source code on the Internet. More recently, the defendants probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments,” the DoJ said in a press release.

The indictment alleges that the accused gained access to victims’ networks using primarily publicly known vulnerabilities in popular web server software, web application development suites, and software collaboration programs, as well as targeting insecure default configurations in common applications. In some cases they exploited newly disclosed flaws that many users had yet to patch.

Upon compromising a target network, the hackers planted malicious web shells (including the China Chopper web shell) and infostealers in order to remotely execute commands on victim computers.

“To conceal the theft of information from victim networks and otherwise evade detection, the defendants typically packaged victim data in encrypted Roshal Archive Compressed files (RAR files), changed RAR file and victim documents’ names and extensions (e.g., from ‘.rar’ to ‘.jpg’) and system timestamps, and concealed programs and documents at innocuous-seeming locations on victim networks and in victim networks’ ‘recycle bins’,” the DoJ said.
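
A defender-side check for the concealment pattern the DoJ describes (RAR data renamed to an image extension and archives staged in recycle bins), added here as an illustration and not part of the indictment or the original article. The sample directory tree is constructed inline; the signatures are the documented RAR v1.5-4.x and v5 magic bytes.

```python
import os
import tempfile
from pathlib import Path

# RAR signatures: v1.5-4.x and v5.0 (from the published RAR format specification).
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
ARCHIVE_EXTS = {".rar"}

def sniff_rar(path: Path) -> bool:
    """Return True if the file's leading bytes match a RAR signature."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return False
    return any(head.startswith(m) for m in RAR_MAGICS)

def find_disguised_archives(root: Path) -> list:
    """Walk root; report RAR payloads whose extension hides their type,
    plus any RAR archive parked in a recycle-bin folder."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        in_bin = any(part.lower() in ("$recycle.bin", "recycler") for part in Path(dirpath).parts)
        for name in files:
            p = Path(dirpath) / name
            if not sniff_rar(p):
                continue  # content is not RAR, extension is irrelevant
            if p.suffix.lower() not in ARCHIVE_EXTS:
                findings.append(f"{p}: RAR content under extension {p.suffix or '(none)'}")
            elif in_bin:
                findings.append(f"{p}: RAR archive staged in recycle bin")
    return sorted(findings)

def build_sample_tree() -> Path:
    """Constructed sample, not real victim data: one RAR disguised as a JPEG,
    one genuine JPEG, and one RAR staged in a recycle-bin folder."""
    root = Path(tempfile.mkdtemp(prefix="rar_hunt_"))
    (root / "photos").mkdir()
    (root / "photos" / "holiday.jpg").write_bytes(RAR_MAGICS[1] + b"\x00" * 32)
    (root / "photos" / "real.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)
    bin_dir = root / "$Recycle.Bin" / "S-1-5-21-placeholder"  # placeholder SID
    bin_dir.mkdir(parents=True)
    (bin_dir / "data.rar").write_bytes(RAR_MAGICS[0] + b"\x00" * 32)
    return root

if __name__ == "__main__":
    for line in find_disguised_archives(build_sample_tree()):
        print(line)
```

Content sniffing is what defeats the rename: the check keys on the archive header, so a `.jpg` suffix or a tampered timestamp does not hide the file.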

According to the indictment, the hackers stole “hundreds of millions of dollars” worth of trade secrets and intellectual property. It is also alleged that the hackers stole data related to military satellite programs, military wireless networks and high-powered microwave and laser systems from defense contractors.

The indictment did not reveal whether the two hackers obtained information related to COVID-19 research. However, prosecutors said that the hackers “conducted reconnaissance” on several biotech companies known for researching a COVID-19 vaccine.
