The DOJ says that two of the ten are Chinese intelligence officers, six served as hackers, and two were insiders at a French aerospace manufacturer.
"The charged intelligence officers, Zha Rong and Chai Meng, and other co-conspirators, worked for the Jiangsu Province Ministry of State Security ('JSSD'), headquartered in Nanjing, which is a provincial foreign intelligence arm of the People's Republic of China's Ministry of State Security ('MSS')," the DOJ said today in a press release.
US officials claim that between January 2010 and May 2015, the two JSSD intelligence officers "and their team of hackers" focused their efforts on stealing technology related to a new turbofan engine developed by an unnamed French aerospace manufacturer and a US-based counterpart.
The DOJ alleges that with help from the two insiders, the JSSD intelligence officers coordinated a team of five hackers in hacking the French company and stealing its proprietary turbofan engine technology. The two insiders, identified as Tian Xi and Gu Gen, played a central and crucial role in the hack of the French company, according to the DOJ.
US investigators say the two insiders worked for the French company's Chinese office in the city of Suzhou, in China's Jiangsu province. US officials claim that Tian infected the French company's Suzhou office network with malware he received from one of the JSSD officers, while his partner, Gu, was the one who alerted JSSD officers after foreign law enforcement notified the Suzhou office that it was harboring malware. The DOJ says that this tip-off allowed one of the JSSD officers and one of his hackers to delete a domain that linked the malware to the JSSD.
Furthermore, US investigators say the five hackers, identified as Zhang Zhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang Xiaowei, and Ma Zhiqi, also breached other aerospace companies based in Arizona, Massachusetts, and Oregon, all of which manufactured parts for the turbofan engine technology they were initially tasked to steal.
The hacks spanned five years, targeted multiple companies in a coordinated manner, and employed a wide variety of techniques, ranging from infections with custom-made malware to basic spear-phishing campaigns and to hijacking victims' official websites and using them for "watering hole" attacks.
The DOJ believes that the stolen information was used to help an unnamed Chinese state-owned aerospace company develop "a comparable engine."
The indictment also names a sixth hacker, Li Xiao, who worked with one of the JSSD hackers, Zhang Zhang-Gui, to hack into a San Diego-based technology company for their personal gain. Li allegedly received and used JSSD-developed malware from Zhang.
The malware that Tian installed on the French company's Suzhou office network was the Sakula malware, the same strain of malware also used in the Anthem, OPM, and other similar hacks. The malware, a remote access trojan, is known to be a powerful tool in the arsenal of Chinese state-sponsored hackers.
One of the hacker nicknames, Gao's "mer4en7y", has previously been linked by a 2013 Kaspersky report to a Chinese state-sponsored group known as Winnti, universally known to be associated with Chinese state-sponsored operations focused on intellectual property theft across the globe.