The US Department of Justice today charged ten Chinese nationals with conspiring to hack and steal intellectual property and confidential data from US and European companies.
The DOJ says that two of the ten are Chinese intelligence officers, six served as hackers, and two were insiders at a French aerospace manufacturer.
"The charged intelligence officers, Zha Rong and Chai Meng, and other co-conspirators, worked for the Jiangsu Province Ministry of State Security ('JSSD'), headquartered in Nanjing, which is a provincial foreign intelligence arm of the People's Republic of China's Ministry of State Security ('MSS')," the DOJ said today in a press release.
US officials claim that between January 2010 and May 2015, the two JSSD intelligence officers "and their team of hackers" focused their efforts on stealing technology related to a new turbofan engine developed by an unnamed French aerospace manufacturer and a US-based counterpart.
The DOJ alleges that with help from the two insiders, the JSSD intelligence officers coordinated a team of five hackers in hacking the French company and stealing its proprietary turbofan engine technology. The two insiders, identified as Tian Xi and Gu Gen, played a central and crucial role in the hack of the French company, according to the DOJ.
US investigators say the two insiders worked for the French company's Chinese office in the city of Suzhou, in China's Jiangsu province. US officials claim that Tian infected the French company's Suzhou office network with malware he received from one of the JSSD officers, while his partner, Gu, was the one who alerted JSSD officers after foreign law enforcement notified the Suzhou office that it was harboring malware. The DOJ says that this tip-off allowed one of the JSSD officers and one of his hackers to delete a domain that linked the malware to the JSSD.
Furthermore, US investigators say the five hackers (identified as Zhang Zhang-Gui, Liu Chunliang, Gao Hong Kun, Zhuang Xiaowei, and Ma Zhiqi) also breached other aerospace companies based in Arizona, Massachusetts, and Oregon, all of which manufactured parts for the turbofan engine technology they were initially tasked to steal.
The hacks spanned five years, targeted multiple companies in a coordinated manner, and employed a wide variety of techniques, ranging from infections with custom-made malware to basic spear-phishing campaigns and the hijacking of victims' official websites for use in "watering hole" attacks.
The DOJ believes that the stolen information was used to help an unnamed Chinese state-owned aerospace company develop "a comparable engine."
The indictment also names a sixth hacker, Li Xiao, who worked with one of the JSSD hackers, Zhang Zhang-Gui, to hack into a San Diego-based technology company for their personal gain. Li allegedly received and used JSSD-developed malware from Zhang.
A timeline of the hacks, according to the DOJ indictment, is below:
According to the indictment, the ten accused are:
None of the 10 accused suspects are in US custody.
At the start of the month, the US also arrested and extradited a high-ranking director in China's Ministry of State Security (MSS) after the official had attempted to recruit several insiders from multiple US aviation and aerospace companies. The DOJ mentioned the arrest, but did not say that they were related.
Interesting notes: