NASA, JPL and U.S. Navy Targeted in Chinese Hacks

Two Chinese nationals were accused of orchestrating an “extensive” campaign of economic espionage that hacked more than 45 American companies in at least a dozen states beginning in 2006 and continuing through this year, according to a Department of Justice indictment.

by Del Quentin Wibler, Los Angeles Times / December 21, 2018
Shutterstock/Mehaniq

(TNS) — Two hackers associated with China’s chief security service have been charged with stealing troves of confidential digital information from dozens of U.S. companies, NASA and the Navy, the Justice Department announced Thursday in its latest indictment aimed at alleged Chinese economic and military espionage. 

Among other targets, the hackers allegedly infiltrated Pentagon networks and stole personal data, including dates of birth and Social Security numbers of more than 100,000 sailors and other Navy personnel.

They also infiltrated computers linked to NASA’s Jet Propulsion Laboratory in La Cañada Flintridge, the indictment said.

The charges come amid growing tension between Washington and Beijing over trade policy, military friction in the South China Sea and Chinese ventures in Africa and Latin America. Trump administration officials have increasingly complained of what they describe as an alarming surge in Chinese digital attacks on U.S. companies and government agencies.

Industries as varied as agriculture, banking and finance, telecommunications, biotechnology, automotive, mining and healthcare have been targeted for cyber thefts, the Justice Department said. The hackers also allegedly infiltrated companies in more than a dozen other countries.

The alleged cyber thieves worked for Huaying Haitai Science and Technology Development Co. in Tianjin, China, and they “acted in association” with the Chinese Ministry of State Security, the country’s top intelligence agency, the Justice Department said.

Two Chinese nationals, Zhu Hu and Zhang Shilong, were accused of orchestrating an “extensive” campaign of economic espionage that hacked more than 45 American companies in at least a dozen states beginning in 2006 and continuing through this year, according to the indictment.

Within the cyber security community, Zhu and Zhang were members of an infamous hacking group known as Advanced Persistent Threat 10, according to prosecutors. Their group was also known as Red Apollo, CVNX and Stone Panda, according to the indictment.

“It is unacceptable that we continue to uncover cyber crime committed by China against other nations,” Deputy Atty. Gen. Rod Rosenstein said at a news conference unveiling the unsealing of the indictment in the case.

Zhu and Zhang were indicted by a federal grand jury in New York City on charges of conspiring to commit computer intrusions, conspiring to commit wire fraud and aggravated identity theft.

Prosecutors said that the hackers steadily improved their ability to breach network defenses in a "continuous and unrelenting effort" to steal technology and other information.

Starting in 2014, prosecutors said, the group infiltrated computers and networks of service providers, which manage information technology for businesses and governments worldwide, in an effort to steal "intellectual property and confidential business data on a global scale."

The group successfully hacked a managed service provider with offices in New York that compromised the data of the provider and clients in a dozen countries involved in banking and finance, consumer electronics and oil and gas exploration, prosecutors said. The service provider was not identified.

©2018 the Los Angeles Times. Distributed by Tribune Content Agency, LLC.