Beijing-linked hackers ‘tried to steal’ coronavirus vaccine data
US charges two men accused of targeting drug companies during global cybertheft campaign
Two Chinese men linked to Beijing’s intelligence service targeted vaccine development research during a six-year cybertheft campaign in which trade secrets worth hundreds of millions of dollars were hacked, US prosecutors claim.
Li Xiaoyu, 34, and Dong Jiazhi, 33, are alleged to have stolen data from a wide range of technology companies in countries across the world, including one unnamed “UK artificial intelligence and cancer research firm”, The Times reports.
The US Department of Justice (DoJ) says that the pair’s hacking operation was also “aimed at industries such as defence contractors, high-end manufacturing and solar energy companies” and that they sometimes “operated on behalf of China’s spy services and sometimes to enrich themselves”, adds The New York Times (NTY).
Having previously stolen information about “other Chinese intelligence targets like human rights activists”, the duo shifted their focus to trying to steal coronavirus vaccine research this year, the newspaper reports. It is not clear whether the Covid-related hacking was successful.
According to the DOJ indictment, when “they were stealing information of obvious interest” to the Chinese government, the hackers “were assisted by, and operated with the acquiescence of” the Ministry of State Security (MSS), China’s intelligence agency.
The indictment lists 11 criminal charges against Li and Dong, including conspiracies to commit computer fraud and theft, as well as multiple counts of aggravated identity theft.
According to The Times, the hackers “would often find a way into a network by looking for flaws in software products, especially vulnerabilities that had just been announced and for which most businesses had not had time to install an update to fix”.
Computer security expert Alan Woodward, a visiting professor at Surrey University’s Cyber Security Centre, told the paper that the aim with such a strategy is to “establish a toe hold using one of these vulnerabilities and then directly access data or establish a shell which provides you with your own direct access to the system”.
Announcing the charges against the two Chinese men, US Assistant Attorney General John Demers said that “China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cybercriminals in exchange for those criminals being ‘on call’ to work for the benefit of the state”, reports Al Jazeera.
The goal for Li and Dong was “to feed the Chinese Communist Party’s insatiable hunger for American and other non-Chinese companies’s hard-earned intellectual property, including Covid-19 research”, added Demers, who leads the DOJ’s National Security Division.