Threat Intelligence, Vulnerability Management

U.S. charges Chinese military group with cyber espionage


The U.S. made a rare move to pursue foreign government employees by charging five Chinese nationals with committing economic espionage against Westinghouse, Alcoa , the U.S. Steelworkers' Union and other large U.S. companies and organizations, in a move that serves as a warning and a wakeup call for both state-sponsored hackers and the companies that they attack.

According to the Department of Justice, a grand jury in the Western District of Pennsylvania handed down 31 indictments against five officers of the Third Department of the Chinese People's Liberation Army (PLA) — Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui. 

At a Monday morning press conference, U.S. Attorney General Eric Holder called the arrests “the first ever charges against known state actors for infiltrating U.S. commercial targets by cyber means.”

And in a statement sent via email correspondence to, Julian Waits, CEO at ThreatTrack Security, noted, “The cyber espionage indictment of Chinese state-sponsored hackers by U.S. federal law enforcement officials today signals the end of business-as-usual in how the U.S. government will handle breaches of intellectual property by foreign nations.”

Craig Carpenter, chief security strategist at AccessData, agreed, saying in a statement sent to that “the very fact these charges were brought at all signals a new era of highly public, government-vs-government allegation.”

U.S. Attorney General Eric Holder, at a Monday morning press conference in Washington called “the range of trade secrets and other sensitive business information stolen in this case” significant and said the alleged hacking demanded “an aggressive response.”

But that “aggressive response” has angered the Chinese government, which swiftly issued a statement through the Chinese Foreign Ministry, accusing the U.S. of “fabricating facts and using so-called stealing network secrets as an excuse.” The Ministry called the action a “serious violation of basic norms of international relations and damages Sino-U.S. cooperation and mutual trust.” As a result, China is putting a halt, at least temporarily, to the Sino-U.S. Internet Working Group activities” and has protested directly to the U.S., calling for the government to withdraw the indictment against the five men.

“It's possible this could cause a Virtual Cold War between the world's biggest economies, with wide-ranging impact on the entire planet,” said Carpenter.

However, the indictments came after lengthy investigation and monitoring — for instance, court documents show that Alcoa was hacked in 2008, according to a report in USA Today. Last year, U.S. security specialists/intelligence pinpointed an office building where the five accused officers were located on the outskirts of Shanghai as a part of a PLA military base and a hub of cyber activity.

In February 2013, Alexandria, Va.-based Mandiant provided a detailed view inside the activities of APT1  –  a unit of the People's Liberation Army (PLA) referred to as the “Shanghai Group” or the “Comment Crew” operating primarily out of Shanghai's Pudong New Area – which had compromised an estimated 141 organizations in 20 major industrial sectors.

Wang, Sun, and Wen allegedly hacked, or tried to hack, into U.S. organizations while Huang and Gu conspired to help them by managing infrastructure and other participating in other activities that supported the group's hacking efforts. Holder said the five PLA officers “will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law.”

“It's possible this could cause a Virtual Cold War between the world's biggest economies, with wide-ranging impact on the entire planet,” said AccessData's Carpenter. “It also begs the obvious question: if the US government felt compelled to go public with these allegations and charges, an admittedly very rare move, how much more has happened that they aren't talking about?"

The answer to that question has far-ranging implications for private enterprise and the way they safeguard their information assets. Contending that it will be difficult to prosecute the five alleged hackers, in a statement sent to Jon Heimerl, senior security strategist at Solutionary, said "it is conceivable that this could increase espionage against the United States, as the charges do more to raise the U.S. position than they do the hacker position."

Calling this incident “a warning to the private sector – especially energy and manufacturing companies – that the threat of cyber espionage is a clear and present danger,” ThreatTrack's Waits said, “These organizations need to take a close look at how they are defending their IP and realize that once the horse has left the stable, the barn door doesn't do much good.

“They're not facing just any cybercriminal organization here. The full weight of a foreign military is purportedly behind these attacks,” he added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.