The U.S. Justice Department said Wednesday that it had charged five Chinese nationals and two Malaysian businessmen in a wide-ranging hacking effort, Reuters reported.
Federal prosecutors said five Chinese nationals had been charged with hacking over 100 companies in the United States and abroad, including software development companies, computer manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks as well as foreign governments and pro-democracy politicians and activists in Hong Kong.
The government also said two Malaysian businessmen were charged with conspiring with two of the Chinese hackers to profit from computer intrusions targeting the video game industry.
According to TechCrunch, Zhang Haoran and Tan Dailin were charged in August 2019 with over two dozen counts of conspiracy, wire fraud, identity theft and charges related to computer hacking. Prosecutors also added nine additional charges against Jiang Lizhi, Qian Chuan, and Fu Qiang last month.
Prosecutors also charged two businessmen, who were arrested in Malaysia, for their role in trying to profit from the group’s intrusions into game companies to steal and sell digital goods and virtual currency.
“Today’s charges, the related arrests, seizures of malware and other infrastructure used to conduct intrusions, and coordinated private sector protective actions reveal yet again the Department’s determination to use all of the tools at its disposal and to collaborate with the private sector and nations who support the rule of law in cyberspace,” said assistant attorney general John C. Demers.
“This is the only way to neutralize malicious nation state cyber activity,” he said.
The hackers are accused of being members of the China-backed hacking group APT41, also known as "Barium," and of stealing source code, customer data and other valuable business information from companies in the U.S., Australia, Brazil, Hong Kong, South Korea and other countries.
The indictments said the hackers worked for a front company, Chengdu 404, which purports to be a network security company but which prosecutors say was a cover for the hackers. The alleged hackers used a number of known security vulnerabilities to break into companies, then used those footholds to attack the companies' supply chains, which in turn gave them access to further victims. The indictments corroborate earlier research from security firm FireEye, which said APT41 exploited vulnerabilities in networking gear to break into victims' networks.
The hackers also allegedly stole code-signing certificates, which let them sign malware so that it appears to come from a legitimate publisher and passes the checks operating systems and installers run before trusting code. Last year, APT41 was blamed for a supply chain attack on computer maker Asus, in which the attackers pushed a backdoored update to at least hundreds of thousands of computers through the company's own update servers.
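To make concrete why a stolen signing key is so useful to an attacker, here is an added example that is not from the indictment, the article or any of the companies named above. It uses Ed25519 as a stand-in for Authenticode-style code signing, with constructed payloads, a constructed timestamp and a toy revocation policy (the artifact names, the `Policy` type and the revocation time are all assumptions made for illustration). The naive check, "does the publisher's key verify this file?", accepts the backdoor exactly as it accepts the genuine release, because both were signed with the same key. Only a policy that pairs the signature with a trusted signing time and a revocation date can tell them apart, and only after the theft has been noticed and the key revoked.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// SignedArtifact is a constructed stand-in for a signed executable: the bytes,
// the signature over them, the signer's public key and the time the signature
// claims to have been made (a trusted timestamp countersignature in a real PKI;
// here it is assumed trustworthy).
type SignedArtifact struct {
	Name      string
	Payload   []byte
	Signature []byte
	SignerKey ed25519.PublicKey
	SignedAt  time.Time
}

// fingerprint identifies a signing key the way a revocation list would.
func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// Policy is what a verifier checks beyond the raw signature: which signer keys
// are accepted at all and, for keys later reported stolen, when they were
// revoked. Anything signed at or after the revocation time is rejected even
// though the signature itself is mathematically valid.
type Policy struct {
	Allowed map[string]bool
	Revoked map[string]time.Time
}

// SignatureValid is the check many installers stop at: did this key sign these
// bytes? A stolen key passes it for malware exactly as it does for a real release.
func SignatureValid(a SignedArtifact) bool {
	return ed25519.Verify(a.SignerKey, a.Payload, a.Signature)
}

// Trusted applies the policy on top of signature validity and explains a refusal.
func Trusted(p Policy, a SignedArtifact) (bool, string) {
	if !SignatureValid(a) {
		return false, "bad signature"
	}
	fp := fingerprint(a.SignerKey)
	if !p.Allowed[fp] {
		return false, "signer not on allow-list"
	}
	if rev, ok := p.Revoked[fp]; ok && !a.SignedAt.Before(rev) {
		return false, "signed with a key after its revocation"
	}
	return true, "ok"
}

// Verdicts collects the outcome of the naive and the policy-aware check for
// the genuine release and for the backdoor signed with the stolen key.
type Verdicts struct {
	NaiveRelease, NaiveBackdoor, PolicyRelease, PolicyBackdoor bool
}

// Scenario runs the constructed story: the vendor signs a release, an attacker
// holding the same stolen private key signs a backdoor two days later, and the
// vendor revokes the key one day after the genuine release.
func Scenario() (Verdicts, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Verdicts{}, err
	}
	t0 := time.Date(2019, 1, 1, 0, 0, 0, 0, time.UTC) // constructed date
	release := []byte("constructed: legitimate updater build 1.0")
	backdoor := []byte("constructed: updater build 1.0 with implant")

	vendor := SignedArtifact{"release", release, ed25519.Sign(priv, release), pub, t0}
	stolen := SignedArtifact{"backdoor", backdoor, ed25519.Sign(priv, backdoor), pub, t0.Add(48 * time.Hour)}

	policy := Policy{
		Allowed: map[string]bool{fingerprint(pub): true},
		Revoked: map[string]time.Time{fingerprint(pub): t0.Add(24 * time.Hour)},
	}
	pr, _ := Trusted(policy, vendor)
	pb, _ := Trusted(policy, stolen)
	return Verdicts{
		NaiveRelease:   SignatureValid(vendor),
		NaiveBackdoor:  SignatureValid(stolen),
		PolicyRelease:  pr,
		PolicyBackdoor: pb,
	}, nil
}

func main() {
	v, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("naive check:  release=%v backdoor=%v\n", v.NaiveRelease, v.NaiveBackdoor)
	fmt.Printf("with policy:  release=%v backdoor=%v\n", v.PolicyRelease, v.PolicyBackdoor)
}
```

The caveat the example makes visible is the window between theft and revocation: anything the attacker signs before the vendor notices and revokes the key is indistinguishable from a genuine release, and an allow-list of trusted publishers does not help because the key really is the publisher's. That window is what stolen certificates buy an intruder, and why revocation checking, timestamped signatures and monitoring for unexpected signed binaries all matter on the defending side.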
Prosecutors said the hackers also tried to make money directly, by launching ransomware attacks and running cryptojacking schemes, in which malware hijacks victims' computers to mine cryptocurrency.