WASHINGTON -- China has become a safe haven for cyber criminals, US officials said Tuesday (July 21), following the indictment of two Chinese nationals for seeking to steal COVID-19 vaccine research and hacking hundreds of companies around the world.
"China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals," US Assistant Attorney General John Demers said in a US Justice Department statement.
Li Xiaoyu, 34, and Dong Jiazhi, 33, who were classmates at an electrical engineering college in Chengdu, have been engaged in a computer hacking campaign for the past 10 years, said the Justice Department.
"Targeted industries included, among others, high tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; defence," it said.
"More recently, the defendants probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments," it said.
Hiding in China
Both are believed to be in China and being protected by Beijing.
Li and Dong targeted biotech companies but did not appear to have actually compromised any COVID-19 research, said Justice Department officials.
They also targeted "non-governmental organisations, and individual dissidents, clergy, and democratic and human rights activists", said the Justice Department.
Li and Dong supplied the Ministry of State Security with passwords for personal email accounts belonging to individuals of interest to Beijing, according to the indictment.
The pair were accused of stealing source code from software companies, information about drugs under development from pharmaceutical firms and weapons designs and testing data from defence contractors.
Li and Dong allegedly stole information from defence contractors regarding military satellite programmes, military wireless networks and communications systems and microwave and laser systems.
Despite a long history of cyber-crimes committed or ordered by Beijing, Foreign Ministry spokesman Wang Wenbin said, "The Chinese government is a staunch defender of cyber security, and has always opposed and cracked down on cyber attacks and cyber crime in all forms."
The newest hack from China adds to a series of alarming alerts and reports accusing government-backed hackers in Iran, North Korea, Russia and China of malicious activity related to the coronavirus pandemic, from pumping out false news to targeting workers and scientists.
In May, Britain and the United States warned of a rise in cyber-attacks against health professionals by organised criminals "often linked with other state actors".
The US Cybersecurity and Infrastructure Security Agency and Britain's National Cyber Security Centre said they had detected large-scale "password spraying" tactics -- hackers trying to access accounts through commonly used passwords -- aimed at healthcare bodies and medical research organisations.
"Even before the COVID-19 crisis, we assessed a certain level of co-ordination between Russia and the People's Republic of China in the realm of propaganda," said Lea Gabrielle, co-ordinator of the US State Department's Global Engagement Centre, which tracks foreign propaganda.
"Beijing is adapting in real time and increasingly using techniques that have long been employed by Moscow," Gabrielle said.