- Federal prosecutors accused a group of hackers based in China and Malaysia with cyberattacks targeting more than 100 companies, government agencies, and nonprofits worldwide in charges unsealed Wednesday.
- It’s one of the largest hacking campaigns to be prosecuted in the US to date, prosecutors said.
- The hackers are accused of being a part of a China-based hacking operation called APT41, also known as Barium.
- Two Malaysian businessmen were arrested Monday in connection with the cyberattacks, according to prosecutors. Five more defendants are believed to still be in China and have not been arrested.
- Federal prosecutors did not specify which organizations were targets of the cyberattacks, but said that Microsoft, Facebook, Apple, Google, and Verizon assisted the government in its investigation.
- Visit Business Insider’s homepage for more stories.
US prosecutors have accused seven men of participating in a sophisticated hacking scheme that targeted more than 100 companies, government agencies, and nonprofits across the globe, according to federal charges unsealed Wednesday.
It’s one of the largest hacking campaigns to be prosecuted in the US to date, and the defendants’ alleged methods laid out in the complaint reveal the prominence of so-called supply chain attacks that target software providers in order to hack their customers.
The defendants are accused of being a part of APT41, also known as Barium, a longstanding hacking group based in China that has been the subject of several other cases brought by the Department of Justice in recent years. Prosecutors say the group worked to steal intellectual property while simultaneously running ransomware attacks for profit.
Two Malaysian businessmen, Wong Ong Hua and Ling Yang Ching, were arrested in Malaysia on Monday in connection with the hacks, a rare occurrence in the prosecution of international cybercriminals.
The other five defendants — Zhang Haoran, Tan Dailin, Jiang Lizhi, Qian Chuan, and Fu Qiang — are believed to remain in China and are unlikely to be extradited, but the US filed charges nonetheless in order to publicly identify them.
"The Department of Justice has used every tool available to disrupt the illegal computer intrusions and cyberattacks by these Chinese citizens," Deputy Attorney General Jeffrey Rosen said in a statement. "Regrettably, the Chinese Communist Party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China."
Prosecutors said that between 2014 and 2020, the defendants allegedly targeted social media companies, video game companies, nonprofits, universities, think tanks, and foreign governments, as well as pro-democracy activists in Hong Kong, but didn't name the firms or agencies that were targeted. However, the DOJ said that intelligence teams at Microsoft, Google, Facebook, and Verizon assisted with their investigation.
In addition to targeting those entities' networks, the defendants are accused of creating software called SonarX that served as a searchable database of personal data and social media information. The repository specifically focused on people critical of the Chinese government and Hong Kong residents who opposed the state's new security law that eliminates special freedoms of expression previously afforded to Hong Kong by the Chinese government.
The charges stop short of accusing the defendants of working for the Chinese government, but noted that one of the defendants allegedly boasted of having ties to the Chinese Ministry of State Security.
"The scope and sophistication of the crimes in these unsealed indictments is unprecedented," US attorney Michael R. Sherwin said in a statement. "As set forth in the charging documents, some of these criminal actors believed their association with the PRC provided them free license to hack and steal across the globe."
