Date: 2020-09-16

Federal authorities on Wednesday announced three indictments charging five Chinese nationals and two Malaysians with conducting criminal and political hacking operations tacitly approved by the Chinese government and linked to the Ministry of State Security intelligence service.

The hackers are accused of global cyber operations against networks in the United States, including for the first time systems used by video game companies, a billion-dollar industry.

Other targets included software development companies, computer hardware manufacturers, telecommunications providers, social media companies, non-profit organizations, universities, think tanks and foreign governments, the Justice Department said in unsealing the indictments. The hackers also were charged with targeting pro-democracy politicians and activists in Hong Kong, a major target of Chinese intelligence seeking to neutralize democratic opposition in the former British colony.

The hacking operations began around 2011 and continued through 2018, the indictment states.

The indictments were handed up to prosecutors by a federal grand jury in August 2019 and last month.

Two Malaysian businessmen linked to the Chinese hackers were arrested Monday in Sitiawan, Malaysia, and the Justice Department is seeking their extradition.

“The scope and sophistication of the crimes in these unsealed indictments is unprecedented,” said Michael R. Sherwin, acting U.S. attorney for the District of Columbia. “The alleged criminal scheme used actors in China and Malaysia to illegally hack, intrude and steal information from victims worldwide.”

Mr. Sherwin said that the hackers’ motives appeared to be criminal in nature, but they also operated as “proxies” for the Chinese government. That was evident in hacks of networks of pro-democracy groups and institutions.

The hackers were able to make “millions of dollars” and believed their association with the Chinese government “provided them free license to hack and steal across the globe,” Mr. Sherwin said. “This scheme also contained a new and troubling cyber-criminal component — the targeting and utilization of gaming platforms to both defraud video game companies and launder illicit proceeds.”

Security researchers have given the hacking group several names, including “Advanced Persistent Threat 41,” “Wicked Panda,” “Barium,” “Winnti” and “Wicked Spider.”

The activities involved the theft of proprietary software, customer account data and other valuable business information. The hackers are also alleged to have carried out ransomware attacks and “crypto-jacking” — unauthorized use of computers to mine cryptocurrencies.

Federal authorities also seized a number of internet accounts, servers and command-and-control “dead drop” websites used by the hackers.

Microsoft, Google, Facebook, Verizon and other companies cooperated with authorities in the investigation, and Microsoft helped block the hackers’ access to some targeted computer networks, the Justice Department said.

“The Department of Justice has used every tool available to disrupt the illegal computer intrusions and cyberattacks by these Chinese citizens,” said Deputy Attorney General Jeffrey A. Rosen. “Regrettably, the Chinese Communist Party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China.”

The five hackers facing the charges were identified as Chinese nationals Zhang Haoran, 35; Tan Dailin, 35; Jiang Lizhi, 35; Qian Chuan, 39; and Fu Qiang. They are believed to be in China. Mr. Zhang and Mr. Tan were charged with 25 counts of conspiracy, wire fraud, aggravated identity theft, money laundering and computer violations.

Mr. Zhang and Mr. Tan also are charged with taking part in a conspiracy that made money by hacking video game companies and stealing the games’ “currency” for resale. According to prosecutors, the two men hacked gaming company networks and generated fraudulent gaming artifacts in a bid to eliminate competition from other hackers.

The three other hackers were charged with nine counts of racketeering conspiracy, access device fraud, identity theft, aggravated identity theft and money laundering. The racketeering involved a Chinese company called Chengdu 404 Network Technology that was involved in hacking into over 100 victim companies, organizations, and people in the United States and around the world.

The countries where the activities took place included Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam.

The hackers also broke into government computer networks in India and Vietnam and targeted but failed to break into British government networks.

The Chengdu 404 hackers used sophisticated techniques, including a supply chain attack that utilized software providers and permitted the hackers to conduct intrusions against the providers’ customers.

The Malaysians were identified as Wong Ong Hua, 46, and Ling Yang Ching, 32, who were charged with 23 counts of racketeering, conspiracy, identity theft, access device fraud, and money laundering.

Both men used a company in Malaysia called Sea Gamer Mall, founded by Mr. Wong, that targeted video game companies in the U.S., Japan, Singapore, and South Korea.

“Today’s charges, the related arrests, seizures of malware and other infrastructure used to conduct intrusions, and coordinated private sector protective actions reveal yet again the department’s determination to use all of the tools at its disposal and to collaborate with the private sector and nations who support the rule of law in cyberspace,” said Assistant Attorney General John C. Demers. “This is the only way to neutralize malicious nation-state cyber activity.”

Copyright © 2020 The Washington Times, LLC.