U.S. Accuses Chinese Nationals of Hacking Spree Targeting COVID Data, Defense Secrets

WASHINGTON — The U.S. Justice Department indicted two Chinese nationals for hacking defense contractors, COVID researchers, and other companies worldwide, according to a court filing published on Tuesday.

U.S. authorities said the Chinese nationals, Li Xiaoyu and Dong Jiazhi, participated in a multiyear cyberespionage campaign that stole weapons designs, drug information, software source code and more.

Contact details for the pair were not immediately available. The Chinese Embassy in Washington did not immediately return a message seeking comment.

The indictment did not name any specific companies, but it said that Li and Dong stole terabytes of data from computers around the world, including the United States, Britain, Germany, Australia and Belgium.

The document alleges that Li and Dong acted as contractors for China’s Ministry of Security, or MSS, a comparable agency to the U.S. Central Intelligence Agency. The MSS, prosecutors said, supplied the hackers with information into critical software vulnerabilities to penetrate targets and collect intelligence. Among those targeted were Hong Kong protesters, the office of the Dalai Lama and a Chinese Christian non-profit.

Assistant Attorney General for National Security John Demers said in a virtual press conference that the hackers occasionally worked on their own account, including a case in which Li allegedly tried to extort $15,000 in cryptocurrency from a victim.

Demers said China had joined the “shameful club of nations who provide a safe haven for cybercriminals” in exchange for their services stealing intellectual property.

The indictment alleged that hackers operated from 2014 to 2020 and most recently attempted to steal cancer research.