Sunday, Nov 01, 2020 | Last Update : 04:16 AM IST

  World   Americas  17 Sep 2020  US on the lookout for 5 Chinese superhackers who targeted India

US on the lookout for 5 Chinese superhackers who targeted India

PTI
Published : Sep 17, 2020, 3:49 pm IST
Updated : Sep 17, 2020, 4:54 pm IST

In the attacks, the conspirators installed 'Cobalt Strike' malware on Indian government-protected computers, the indictment said

Acting U.S. Attorney for the District of Columbia Michael R. Sherwin speaks, Wednesday, Sept. 16, 2020 at the Justice Department in Washington. The Justice Department has charged five Chinese citizens with hacks targeting more than 100 companies and institutions in the United States and abroad, including social media and video game companies as well as universities and telecommunications providers. Officials announced the prosecution on Wednesday. (AP)
 Acting U.S. Attorney for the District of Columbia Michael R. Sherwin speaks, Wednesday, Sept. 16, 2020 at the Justice Department in Washington. The Justice Department has charged five Chinese citizens with hacks targeting more than 100 companies and institutions in the United States and abroad, including social media and video game companies as well as universities and telecommunications providers. Officials announced the prosecution on Wednesday. (AP)

Washington: Five Chinese nationals who have been charged by the US justice Department for hacking more than 100 companies and institutions worldwide are said to have compromised several Indian government networks.

Deputy US Attorney General Jeffrey Rosen on Wednesday announced three indictments have been unsealed in the matter that collectively charge five Chinese nationals with computer hacking and charge two Malaysian nationals for helping some of those hackers target victims and sell the fruits of their crime.

 

"In about 2019, the conspirators compromised Government of lndia websites, as well as virtual private networks and database servers supporting the Government of India. The conspirators used VPS PROVIDER servers to connect to an Open VPN network owned by the Government of India," the indictment said.

In the attacks, the conspirators installed 'Cobalt Strike' malware on Indian government-protected computers, it added.

According to the charges, the computer intrusions affected over 100 companies worldwide. The Malaysian nationals were arrested on Sunday and the Chinese nationals have been declared fugitive, according to the US Justice Department statement.

 

Rosen severely criticised the Chinese government. "The Department of Justice has used every tool available to disrupt the illegal computer intrusions and cyberattacks by these Chinese citizens. Regrettably, the Chinese Communist Party has chosen a different path - of making China safe for cyber-criminals so long as they attack computers outside China and steal intellectual property helpful to China," the deputy attorney general said.

The victims ranged from software development, computer hardware, telecommunication, social media and video game companies. Non-profit organisations, universities, think-tanks, foreign governments, pro-democracy politicians and activists in Hong Kong were also targeted.

 

Security researchers have tracked the intrusions using labels "APT41, Barium, Winnti, Wicked Panda, and Wicked Spider."

These intrusions facilitated the theft of source code, software code signing certificates, customer account data, and valuable business information, the researchers said.

These intrusions also facilitated the defendants' other criminal schemes, including ransomware and "crypto-jacking" schemes, the latter refers to the group's unauthorised use of victim computers to mine cryptocurrency.

The Chinese hackers also targeted government computers and networks of Vietnam and the United Kingdom. The hackers, however, were not successful in compromising the government computer networks in the United Kingdom.

 

The racketeering conspiracy pertained to the three defendants' conducting the affairs of Chengdu 404 Network Technology (Chengdu 404), a Chinese Government company, through a pattern of racketeering activity involving computer intrusion offenses affecting over 100 victim companies, organisations, and individuals in the United States and around the world, including in Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam, the Justice Department said.

"Today's announcement demonstrates the ramifications faced by the hackers in China but it is also a reminder to those who continue to deploy malicious cyber tactics that we will utilise every tool we have to administer justice," said FBI Deputy Director David Bowdich.

 

Noting that the scope and sophistication of the crimes are unprecedented, Acting US Attorney for the District of Columbia Michael R Sherwin said some of these criminal actors believed their association with the Peoples Republic of China provided them free licence to hack and steal across the globe.

"This scheme also contained a new and troubling cyber-criminal component -- the targeting and utilisation of gaming platforms to both defraud video game companies and launder illicit proceeds," Sherwin said.

Rosen told reporters that as an additional method of making-money, several of the Chinese defendants compromised the networks of video game companies worldwide -- a billion-dollar industry -- and defrauded them of in-game resources.

 

"Two of the Chinese defendants stand accused, with two Malaysian defendants, of selling those resources in the black market, through their illicit website," he said.

Asserting that the Chinese government has the power to help stop crimes like these, Rosen alleged that the Chinese Government has made a deliberate choice to allow its citizens to commit computer intrusions and attacks around the world because these actors will also help them.

Tags: chinese hackers, apt 41, indian government websites, us justice department, cobalt strike malware
Location: India, Delhi, New Delhi