Two Chinese nationals associated with the cyber espionage group APT10 have been indicted by the U.S. Department of Justice on charges of conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated identity theft.
The defendants, Zhu Hua (aka Afwar, CVNX, Alayos and Godkiller) and Zhang Shilong (aka Baobeilong, Zhang Jianguo and Atreexp), allegedly conducted their attacks as part of the cybergang APT10 while employed by the Chinese firm Huaying Haitai Science and Technology Development Company. During this period, the duo also acted in association with the Chinese Ministry of State Security’s Tianjin State Security Bureau, the DOJ said in a statement.
“The indictment alleges that the defendants were part of a group that hacked computers in at least a dozen countries and gave China’s intelligence service access to sensitive business information,” said Deputy Attorney General Rod Rosenstein. “This is outright cheating and theft, and it gives China an unfair advantage at the expense of law-abiding businesses and countries that follow the international rules in return for the privilege of participating in the global economic system.”
Shilong had earlier been connected to APT10 by the APT hunting group Intrusion Truth and security firm CrowdStrike. APT10 is thought to be behind a long list of attacks, including the targeting of the U.S. Navy, NASA and various Japanese companies, and to have operated the Cloud Hopper campaign. It is also tentatively linked to the massive Office of Personnel Management breach in 2015.
“China’s goal, simply put, is to replace the U.S. as the world’s leading superpower—and they’re breaking the law to get there. They’re using an expanding set of non-traditional and illegal methods. And Chinese state-sponsored actors are the most active perpetrators of economic espionage against us,” said FBI Director Christopher Wray.
The DOJ estimates the two defendants began their affiliation with APT10 in 2006 and possibly continued their relationship with the group as late as 2018. If this time frame proves accurate, it would indicate that China did not abide by its 2015 agreements with the U.S. and UK not to conduct industrial cyber espionage against each other.
“This campaign shows that elements of the Chinese government are not upholding the commitments China made directly to the UK in a 2015 bilateral agreement,” the British government said in a statement.
Some of the industries allegedly hit during the defendants’ alleged tenure with APT10 were aviation, automotive supplies, computer processor technology and consumer electronics. In these cases, the alleged attackers attempted to gather intellectual property and confidential business and technological information.
“It appears the Chinese agreed to cyber non-aggression, but operations dating back to 2006 merely changed targets and kept going on a reduced but no-less-harmful scale,” said Sam Curry, chief security officer, Cybereason. “The charges against Zhu Hua and Zhang Shilong may or may never see them in a U.S. court, but that doesn’t matter. What matters is the perception of legality.”