The Justice Department has brought charges against five Chinese nationals who are alleged to have hacked more than 100 companies in the United States, including technology companies, game makers, universities and think tanks.
Zhang Haoran and Tan Dailin were charged in August 2019 with more than two dozen counts, including conspiracy, wire fraud, identity theft and computer hacking. Prosecutors filed a further nine counts against Jiang Lizhi, Qian Chuan and Fu Qiang last month.
Prosecutors also charged two businessmen, arrested in Malaysia, with conspiring to profit from the group's intrusions into game companies by stealing and selling in-game items and virtual currency.
"Today's charges, the related arrests, seizures of malware and other infrastructure used to conduct intrusions, and coordinated protective actions by the private sector again demonstrate the Department's determination to use all the tools at its disposal and to work with the private sector and with the nations that support the rule of law in cyberspace," said Assistant Attorney General John C. Demers.
"This is the only way to neutralize malicious nation-state cyber activity," he said.
The five are accused of being members of the Chinese state-backed hacking group APT41, also known as "Barium", and of stealing source code, customer data and other valuable business information from companies in the US, Australia, Brazil, Hong Kong, South Korea and other countries.
According to the indictments, the hackers worked for a front company, Chengdu 404, which presented itself as a network security firm but which prosecutors say was a cover for the group. The accused used a number of known security vulnerabilities to break into companies, and carried out supply chain attacks: compromising a software provider and modifying its code so that the hackers could reach the provider's customers. The charges corroborate earlier research by the security firm FireEye, which found APT41 exploiting vulnerabilities in network devices to break into victims' networks.
The hackers also allegedly stole code-signing certificates. A binary signed with a stolen certificate carries a valid signature from a trusted publisher, so operating systems and security tools that rely on the signature alone treat it as legitimate and allow it to run. Last year, APT41 was blamed for a supply chain attack on the computer maker Asus, in which the attackers used the company's own update servers to push a backdoored update to hundreds of thousands of computers.
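The following is an added example, written for this page and not code from the article, the Justice Department or FireEye. It shows why a stolen code-signing certificate works and what a consumer-side check needs beyond signature validity: a toy CA issues a code-signing certificate to a fictional publisher (the names "Example Root CA" and "Example Games Ltd", the serial 4242, and the sample build contents are all constructed), an attacker holding the publisher's private key signs a backdoored build, and the verifier accepts it until the certificate is revoked. The `revoked` map stands in for a CRL or OCSP lookup; everything else is the Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// mintCert issues a certificate from template, signed by parentKey.
// Passing parent == template yields a self-signed root.
func mintCert(template, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// SignArtifact produces the detached signature a publisher ships with a build.
func SignArtifact(key *ecdsa.PrivateKey, artifact []byte) ([]byte, error) {
	digest := sha256.Sum256(artifact)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// VerifyArtifact is the consumer-side check. A bare signature check accepts
// anything signed with a stolen key; the chain, EKU and revocation checks are
// what give the defender a way to cut the attacker off after the theft.
func VerifyArtifact(artifact, sig []byte, signer *x509.Certificate, roots *x509.CertPool, revoked map[string]bool) error {
	// 1. The signer must chain to a trusted root and be issued for code signing.
	if _, err := signer.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}); err != nil {
		return fmt.Errorf("untrusted signer: %w", err)
	}
	// 2. Revocation: a stolen certificate stays "valid" until its issuer says otherwise.
	if revoked[signer.SerialNumber.String()] {
		return errors.New("signer certificate revoked")
	}
	// 3. Only now check the signature over the artifact itself.
	pub, ok := signer.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected key type")
	}
	digest := sha256.Sum256(artifact)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("bad signature")
	}
	return nil
}

// Scenario builds the toy CA and publisher (constructed data) and returns the verdicts for
// the legitimate build, malware signed with the stolen key before revocation, and the same
// malware after the publisher's certificate is revoked. Errors from key and certificate
// generation are ignored for brevity; they do not occur with these fixed parameters.
func Scenario() (legit, stolenBeforeRevoke, stolenAfterRevoke error) {
	now := time.Now()
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca, _ := mintCert(caTmpl, caTmpl, &caKey.PublicKey, caKey)

	pubKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	pubTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242),
		Subject:      pkix.Name{CommonName: "Example Games Ltd"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	publisher, _ := mintCert(pubTmpl, ca, &pubKey.PublicKey, caKey)

	roots := x509.NewCertPool()
	roots.AddCert(ca)
	revoked := map[string]bool{} // stand-in for a CRL/OCSP lookup

	build := []byte("legitimate game client v1.2.3")  // constructed sample artifact
	malware := []byte("backdoored game client v1.2.3") // constructed sample artifact
	buildSig, _ := SignArtifact(pubKey, build)
	malSig, _ := SignArtifact(pubKey, malware) // attacker holds the stolen private key

	legit = VerifyArtifact(build, buildSig, publisher, roots, revoked)
	stolenBeforeRevoke = VerifyArtifact(malware, malSig, publisher, roots, revoked)
	revoked[publisher.SerialNumber.String()] = true // issuer revokes after the theft is noticed
	stolenAfterRevoke = VerifyArtifact(malware, malSig, publisher, roots, revoked)
	return
}

func main() {
	a, b, c := Scenario()
	fmt.Println("legit build:", a)
	fmt.Println("malware, stolen key, before revocation:", b)
	fmt.Println("malware, stolen key, after revocation:", c)
}
```

The middle verdict is the attacker's window: until the issuer revokes the certificate, nothing in the signature or chain distinguishes the backdoored build from a real one. In practice the revocation date is usually set to before the suspected theft so that everything signed with the stolen key after that point is rejected, which is why a verifier should also check a trusted signing timestamp rather than only the current time.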
Prosecutors said the hackers also sought to make money through ransomware attacks and cryptojacking schemes, in which malware hijacks victims' computers to mine cryptocurrency.
Alongside the charges, prosecutors said they had obtained warrants to seize websites, domains and servers linked to the group's operations, effectively shutting them down and disrupting the group's activity.
The accused hackers are believed to remain in China, but the indictments continue the Justice Department's "name and shame" strategy against state-sponsored hackers of recent years.