U.S. authorities announced that five Chinese nationals linked to a China-backed hacking group have been charged with breaking into the computer systems of more than 100 companies in the U.S. and abroad.
Two of the five alleged hackers — Zhang Haoran, 35, and Tan Dailin, 35 — were indicted by a grand jury in August 2019, while Jiang Lizhi, 35, Qian Chuan, 39, and Fu Qiang, 37, were indicted by a separate grand jury in August 2020.
According to the Department of Justice, the five are members of “APT41,” which cybersecurity firm FireEye has described as “a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control.”
“Ideally, I would be thanking Chinese law enforcement authorities for their cooperation in this matter and the five Chinese hackers would now be in custody awaiting trial,” Deputy Attorney General Jeffrey Rosen said at a news conference.
“Unfortunately, the record of recent years tells us that the Chinese Communist Party has a demonstrated history of choosing a different path, that of making China safe for their own cybercriminals, so long as they help with its goals of stealing intellectual property and stifling freedom,” he added.
Prosecutors said Zhang and Tan have been committing computer hacking offenses since at least May 2011, using spear-phishing emails and “supply chain attacks” to install undetectable malware in the networks of high-tech and similar organizations.
They also allegedly hacked video game companies, obtaining and otherwise generating digital items of value such as video game currency and then selling them for profit.
The other indictment charged Jiang, Qian, and Fu with conspiring to commit a “sprawling array” of hacks against organizations to steal source code and facilitate ransomware schemes.
“The United States government is starting to turn the tide on Chinese intrusion operations on Western companies and targets,” Adam Meyers, CrowdStrike’s head of threat intelligence, told The New York Times.
John Hultquist, senior director of analysis at Mandiant, told TechCrunch that APT41 conducted primarily financially motivated operations focused on the video game industry before expanding into traditional espionage.