Federal authorities on Wednesday indicted five Chinese nationals and two Malaysians on charges of criminal and political hacking operations that U.S. officials say were tacitly approved by the Chinese government and linked to the Ministry of State Security intelligence service.
The hackers are accused of global cyber operations against networks in the United States, including for the first time systems used by video game companies, a billion-dollar industry.
Other targets included software development companies, computer hardware manufacturers, telecommunications providers, social media companies, nonprofit organizations, universities, think tanks and foreign governments, the Justice Department said in unsealing the indictments.
In addition to commercial enterprises, the hackers also were charged with targeting pro-democracy politicians and activists in Hong Kong, as Beijing seeks to neutralize democratic opposition in the former British colony.
The hacking operations began around 2011 and continued through 2018, the indictment states. Two Malaysian businessmen linked to the Chinese hackers were arrested Monday in Sitawan, Malaysia, and the Justice Department is seeking their extradition.
“The scope and sophistication of the crimes in these unsealed indictments is unprecedented,” said Michael R. Sherwin, acting U.S. attorney for the District of Columbia. “The alleged criminal scheme used actors in China and Malaysia to illegally hack, intrude and steal information from victims worldwide.”
Mr. Sherwin said that the hackers’ motives appeared to be criminal in nature, but they also operated as “proxies” for the Chinese government, as evidenced by the operations against networks of pro-democracy groups and institutions.
The hackers were able to make “millions of dollars” and believed their association with the Chinese government “provided them free license to hack and steal across the globe,” Mr. Sherwin said. “This scheme also contained a new and troubling cyber-criminal component — the targeting and utilization of gaming platforms to both defraud video game companies and launder illicit proceeds.”
Security researchers have given the hacking group several names, including “Advanced Persistent Threat 41,” “Wicked Panda,” “Barium,” “Winnti” and “Wicked Spider.”
The accused are said to have stolen proprietary software, customer account data and other valuable business information. The hackers are also alleged to have carried out ransomware attacks and “crypto-jacking” — the unauthorized use of computers to mine for cryptocurrencies.
Microsoft, Google, Facebook, Verizon and other companies cooperated with authorities in the investigation, and Microsoft helped block the hackers’ access to some targeted computer networks, the Justice Department said.
“The Department of Justice has used every tool available to disrupt the illegal computer intrusions and cyberattacks by these Chinese citizens,” said Deputy Attorney General Jeffrey A. Rosen. “Regrettably, the Chinese Communist Party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China.”
The five Chinese hackers are believed to still be in their home country.
Two of the accused, Zhang Haoran and Tan Dailin, also face 25 counts of conspiracy, wire fraud, aggravated identity theft, money laundering and computer violations. The two are alleged to have hacked into video game companies to steal the games’ “currency” for resale to other gamers. The three other Chinese hackers were charged with nine counts of racketeering conspiracy, access device fraud, identity theft, aggravated identity theft and money laundering.
The racketeering involved a Chinese company called Chengdu 404 Network Technology that was involved in hacking into over 100 companies, organizations, and individual accounts in the United States and more than a dozen other countries.
The hackers also broke into government computer networks in India and Vietnam and targeted but failed to break into British government networks.
The Chengdu 404 hackers used sophisticated techniques, including a supply chain attack that went through software providers and gave the hackers access to the accounts of the providers’ customers.
The two Malaysian hackers face 23 counts of racketeering, conspiracy, identity theft, access device fraud, and money laundering. The Justice Department said the two men used a Malaysia-based company called Sea Gamer Mall to steal from video game companies in the U.S., Japan, Singapore and South Korea.