DOJ charges Chinese hackers who allegedly stole data from Navy personnel, defense companies

By Justin Doubleday / December 20, 2018 at 1:50 PM

The Justice Department today announced charges against two Chinese nationals who allegedly took part in a decade-long hacking campaign that involved stealing the personally identifiable information of more than 100,000 Navy personnel and targeted data from numerous companies, including defense and aviation firms.

The Dec. 17 indictment filed in the Southern District of New York alleges the two defendants, Zhu Hua and Zhang Shilong, were members of a hacking group in China known as Advanced Persistent Threat 10, or APT10. Beginning in 2006 and lasting through this year, the group "conducted extensive campaigns of global intrusions into computer systems," acting in association with the Chinese Ministry of State Security, according to the indictment.

During a press conference in Washington today, Deputy Attorney General Rod Rosenstein said the alleged hacking campaign targeted companies in 12 countries, including the United States. More recently, he said, APT10 allegedly went after targets working in industries identified by China's "Made in 2025" initiative.

"Many of the companies allegedly targeted recently by Chinese defendants operate in sectors identified by that official Chinese policy," Rosenstein said.

APT10 allegedly obtained unauthorized access to the computers of more than 45 entities in at least 12 states, including Arizona, California, Connecticut, Florida, Maryland, New York, Ohio, Pennsylvania, Texas, Utah, Virginia and Wisconsin, according to the charges. Around 2014, the group started targeting managed service providers who remotely run IT infrastructure for businesses and governments around the world, the indictment continues.

"You've all heard about situations where you see the cyber equivalent of breaking into a house," FBI Director Chris Wray said during today's press conference. "This is more like breaking into and getting the keys from the maintenance supervisor, who has keys to hundreds and hundreds of apartments and all the residents in those apartments."

The group is alleged to have successfully gained unauthorized access to at least 90 computers belonging to, among other entities, "commercial and defense technology companies and U.S. government agencies," according to the indictment.

It alleges they stole "hundreds of gigabytes of sensitive data and information" from the systems of at least seven companies involved in aviation, space and/or satellite technology, three companies involved in communications technology, three firms involved in advanced electronics and/or laboratory analytical systems, and one company involved in maritime technology, among others. NASA's Goddard Space Center and Jet Propulsion Laboratory are also named as alleged victims.

Additionally, APT10 allegedly hacked into "more than 40 computers" to swipe confidential data from systems belonging to the Navy, including the personally identifiable information of more than 100,000 Navy personnel, according to the indictment. The data allegedly stolen includes names, social security numbers, dates of birth, salary information, personal phone numbers and email addresses, according to the indictment.

The charges do not provide any more specifics on who was targeted and when the hacks are alleged to have occurred.

During today's press briefing, Rosenstein and Wray highlighted the contributions of the Naval Criminal Investigative Service, the Defense Criminal Investigative Service and the Defense Department's Computer Forensic Laboratory. Wray said the laboratory worked with the FBI to analyze hundreds of malware samples, which identified "key links" between victims and APT10's command-and-control infrastructure.

"The Chinese government is not pulling any punches," Wray said. "They want what we have so they can get their upper hand on us, and they're strategic in their approach. They're playing the long game."

The Pentagon in recent months has taken on a more prominent role in U.S. government efforts to protect critical infrastructure and the supply chain from cyber threats, which are primarily seen as emanating from China. Defense Secretary Jim Mattis recently established a “Protecting Critical Technology Task Force” to find ways to better prevent information and key data from being stolen in cyberspace.

Meanwhile, the Navy has put in place rigorous cybersecurity requirements for companies working on the service's "critical" technology programs after one of its contractors was reportedly compromised by Chinese hackers who successfully stole sensitive undersea warfare data.
