A Taiwanese university was hacked and the personal information of 67,000 faculty, students and other employees was stolen, the indictment said
The US Department of Justice has charged five Chinese with hacks targeting more than 100 companies and institutions in the US and abroad, including social media and video game companies, as well as universities and telecoms, officials said on Wednesday.
The five defendants remain fugitives, but prosecutors said that two Malaysian businessmen charged with conspiring with the alleged hackers to profit off the attacks on the video game industry were arrested in Malaysia this week and face extradition proceedings.
The indictments are part of a broader effort by the US to call out cybercrimes by China.
US prosecutors in July accused hackers of working with the Chinese government to target companies developing vaccines for COVID-19, and of stealing hundreds of millions of dollars of intellectual property and trade secrets from companies worldwide.
Though those allegations were tailored to the pandemic, the charges announced on Wednesday — and the range of victims identified — were significantly broader, and involved attacks done both for monetary gain as well as more conventional espionage purposes.
In unsealing three related indictments, officials laid out a wide-ranging hacking scheme, targeting a variety of business sectors and academia, carried out by a China-based group known as APT41.
That group has been tracked over the past year by the firm Mandiant Threat Intelligence, which described the hackers as prolific, and successful at blending criminal and espionage operations.
The department did not directly link the hackers to the Chinese government, but officials said that the hackers were probably serving as proxies for Beijing because some of the targets, including pro-democracy activists and students at a university in Taiwan, were in line with government interests and did not appear to be about scoring a profit.
“A hacker for profit is not going to hack a pro-democracy group,” said Acting US Attorney for the District of Columbia Michael Sherwin.
In addition, one of the five defendants told a colleague that he was very close to the Chinese Ministry of State Security and would be protected “unless something very big happens,” US Deputy Attorney General Jeffrey Rosen said.
Rosen criticized the Chinese government for what he said was a failure to disrupt hacking crimes and to hold hackers accountable.
“Ideally, I would be thanking Chinese law enforcement authorities for their cooperation in the matter and the five Chinese hackers would now be in custody awaiting trial,” Rosen said. “Unfortunately, the record of recent years tells us that the Chinese Communist Party has a demonstrated history of choosing a different path, that of making China safe for their own cybercriminals, so long as they help with its goals of stealing intellectual property and stifling freedom.”
In Taipei, the Ministry of Education yesterday said that it was looking into the alleged leak of personal information involving a university.
A university was hacked in October last year and the personal information of 67,000 faculty, students and other employees was stolen, the US indictment said.
A Taiwanese energy company was also the victim of ransomware planted by the hackers on May 4, with malware preventing company officials accessing the system while it targeted a payment system in the retail sector, the indictment said.
Additional reporting by Rachel Lin
Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.