Report

The United States v. Godkiller (et al.)

U.S. prosecutors indict two Chinese nationals in huge hacking campaign.

U.S. Deputy Attorney General Rod Rosenstein speaks as FBI Director Chris Wray and Assistant Attorney General for National Security John Demers listen during a news conference to announce a China-related national security law enforcement action at the Justice Department in Washington on Dec. 20. (Alex Wong/Getty Images)
U.S. Deputy Attorney General Rod Rosenstein speaks as FBI Director Chris Wray and Assistant Attorney General for National Security John Demers listen during a news conference to announce a China-related national security law enforcement action at the Justice Department in Washington on Dec. 20. (Alex Wong/Getty Images)

The email was tailored to catch the attention of the aerospace executive. Its subject line warned of “C17 Antenna problems”—a likely reference to the American cargo plane of the same name—and included an attached Word document referencing technical data.

But when the executive opened the attachment, it deployed malware that allowed Chinese hackers to burrow into files, observe activity on the computer, and steal data.

That operation was one of several detailed in an indictment American prosecutors released Thursday in Washington charging two Chinese men with participating in a huge hacking operation carried out on behalf of the Chinese government and targeting a wide range of companies and U.S. government agencies. Among the victims: NASA’s Jet Propulsion Laboratory, the U.S. Navy, and a slew of companies in the financial, aviation, biotechnology, telecommunications, and energy industries.

The hacking campaign “gave China’s intelligence service access to sensitive business information” and constituted “outright cheating and theft” that gave China an unfair advantage over law-abiding businesses, said Deputy Attorney General Rod Rosenstein. It constitutes a violation of a 2015 agreement between the leaders of China and the United States to refrain from commercial espionage via hacking, Rosenstein said.

The indictment names Zhu Hua and Zhang Shilong as alleged members of a hacking group that private cybersecurity companies have long documented as APT 10 or “Cloudhopper.” According to the Justice Department, the group acted on behalf of China’s Ministry of State Security intelligence agency. The two men go by a number of online pseudonyms, including “Godkiller” and “Baobeilong.”

The case against them adds to a string of indictments in recent months, in which U.S. prosecutors have accused Chinese operatives of targeting American companies to steal intellectual property and other trade secrets.

It also coincides with a trade dispute between the United States and China, which has rattled markets.

U.S. officials allege that the campaign to steal American knowhow in a range of critical industries, from manufacturers of semiconductors to defense contractors, is part of an effort by Beijing to leapfrog the United States’ technological advantage and build a homegrown high-tech industry.

“China’s goal, simply put, is to replace the U.S. as a world superpower, and they are using illegal means to get there,” FBI Director Chris Wray told reporters on Thursday.

Chinese officials have consistently denied that their operatives are breaking into computer systems to steal intellectual property and argue that China is also targeted by hackers.

The hacking campaign described in Thursday’s indictment ran from 2006 to 2018 and spanned the globe. It alleges that Zhu and Zhang, beginning in 2014, penetrated the systems of an unnamed global managed service provider, which provided remote IT service for a range of companies, and used that access to attack companies in at least 12 different countries, including Brazil, Canada, France, Germany, and the United Kingdom.

According to Reuters, the breached managed service providers included Hewlett Packard Enterprise and IBM.

The indicted hackers also broke into U.S. Navy computers and stole personal information, including names, Social Security numbers, dates of birth, salary information, personal phone numbers, and email addresses belonging to more than 100,000 Navy personnel.

U.S. intelligence officials have said that China is collecting such information in an attempt to build large-scale databases to track American service members and intelligence operatives. Investigators probing the recent breach of the hotel giant Marriott International that compromised the information of some 500 million people believe China was behind that attack.

In a statement issued in conjunction with the indictment, U.K. Foreign Secretary Jeremy Hunt said the hacking campaign was one of the most significant and widespread ever uncovered and that China was responsible for it.

“Our message to governments prepared to enable these activities is clear: together with our allies, we will expose your actions and take other necessary steps to ensure the rule of law is upheld,” Hunt said in the statement—which marked the first time British authorities attributed a hacking campaign to Beijing.

The indicted hackers are well-known figures among students of Chinese hacking operations. In August, Zhang was outed by the anonymous blog “Intrusion Truth,” which purports to reveal the identities of hackers carrying out attacks on foreign firms on behalf of the Chinese government.

Zhang is at least the third Chinese hacker outed by “Intrusion Truth” to be indicted by the Justice Department.

Elias Groll is a staff writer at Foreign Policy. Twitter: @EliasGroll

A decade of Global Thinkers

A decade of Global Thinkers

The past year's 100 most influential thinkers and doers Read Now

Trending Now Sponsored Links by Taboola

By Taboola

More from Foreign Policy

By Taboola