US authorities charge two Chinese nationals for a global hacking operation that targeted COVID-19 research

The U.S. Justice Department has charged two Chinese nationals over their role in a decade-long cyber espionage campaign that targeted hundreds of victims across the globe, including governments, defense contractors, COVID-19 researchers, non-governmental organizations and human rights activists.

According to the 11-count indictment, the accused, Li Xiaoyu and Dong Jiazhi, operated both for their own profit and for China's main intelligence service, the Ministry of State Security. The two were involved in a decade-long cyber espionage campaign aimed at companies in countries with high-technology industries, including the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom.

“In at least one instance, the hackers sought to extort cryptocurrency from a victim entity, by threatening to release the victim’s stolen source code on the Internet. More recently, the defendants probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments,” the DoJ said in a press release.

The indictment alleges that the accused gained access to victims' networks primarily by exploiting publicly known vulnerabilities in popular web server software, web application development suites, and software collaboration programs, as well as by targeting insecure default configurations in common applications. In some cases they exploited newly disclosed flaws that many users had yet to patch.

Upon compromising a target network, the hackers planted malicious web shells (notably the China Chopper web shell) and infostealers, which let them remotely execute commands on victim computers.

“To conceal the theft of information from victim networks and otherwise evade detection, the defendants typically packaged victim data in encrypted Roshal Archive Compressed files (RAR files), changed RAR file and victim documents’ names and extensions (e.g., from ‘.rar’ to ‘.jpg’) and system timestamps, and concealed programs and documents at innocuous-seeming locations on victim networks and in victim networks’ ‘recycle bins,’” the DoJ said.
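The renaming trick described in the release is cheap to spot from the defender's side, because a RAR archive keeps its magic bytes whatever the extension says. The following scan is an added example, not code from the DoJ or the indictment: it walks a directory, flags files whose RAR signature contradicts a non-archive extension, and raises the label when the file sits in a recycle-bin directory. The `$Recycle.Bin` directory name and the sample files are constructed assumptions for the demonstration.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional

# RAR 4.x and RAR 5.x headers both begin with this prefix.
RAR_MAGIC_PREFIX = b"Rar!\x1a\x07"
# Assumed hiding places, matched case-insensitively against path components.
SUSPICIOUS_DIR_PARTS = {"$recycle.bin", "recycle"}


def is_rar(header: bytes) -> bool:
    """True when the leading bytes carry the RAR signature."""
    return header.startswith(RAR_MAGIC_PREFIX)


def classify(path: Path) -> Optional[str]:
    """Return a finding label for a disguised RAR file, else None."""
    with open(path, "rb") as f:
        header = f.read(8)
    if not is_rar(header) or path.suffix.lower() == ".rar":
        return None  # not a RAR, or an archive that is honest about its type
    hidden = any(part.lower() in SUSPICIOUS_DIR_PARTS for part in path.parts)
    return "disguised-rar-in-recycle-bin" if hidden else "disguised-rar"


def scan(root: Path) -> Dict[str, str]:
    """Map relative paths of disguised archives under root to their label."""
    findings: Dict[str, str] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            try:
                label = classify(p)
            except OSError:
                continue  # unreadable file; skip rather than abort the scan
            if label:
                findings[p.relative_to(root).as_posix()] = label
    return findings


def demo() -> Dict[str, str]:
    """Build a constructed directory tree and scan it."""
    root = Path(tempfile.mkdtemp())
    (root / "$Recycle.Bin").mkdir()
    (root / "photos").mkdir()
    rar4, rar5 = b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"
    (root / "$Recycle.Bin" / "holiday.jpg").write_bytes(rar4 + b"\x00" * 32)
    (root / "photos" / "scan.jpg").write_bytes(rar5 + b"\x00" * 32)
    (root / "photos" / "real.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)
    (root / "photos" / "backup.rar").write_bytes(rar4 + b"\x00" * 32)
    return scan(root)


if __name__ == "__main__":
    for rel_path, label in demo().items():
        print(f"{label}: {rel_path}")
```

A production version would also compare file-system timestamps against the RAR header's own timestamps, since the release notes that timestamps were altered too.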

According to the indictment, the hackers stole “hundreds of millions of dollars” worth of trade secrets and intellectual property. It is also alleged that the hackers stole data related to military satellite programs, military wireless networks and high-powered microwave and laser systems from defense contractors.

The indictment did not reveal whether the two hackers obtained information related to COVID-19 research. However, prosecutors said that the hackers “conducted reconnaissance” on several biotech companies known for researching a COVID-19 vaccine.
