Beijing-Backed Hackers Indicted for #COVID19 Vaccine Attacks

Two Chinese state-backed hackers have been issued with an 11-count indictment alleging attempts to steal COVID-19 vaccines as part of a hacking spree lasting more than 10 years.



Li Xiaoyu, 34, and Dong Jiazhi, 33, are accused of targeting IP in high-tech, medical, pharma, engineering, business and other sectors in the US, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden and the UK.



Although sometimes acting for personal gain, such as trying to extort cryptocurrency by threatening to release stolen source code, they are said to have worked with the backing of the Chinese government.



Their targets over the 10+ year period included not only businesses but pro-democracy and human rights activists in the US, Hong Kong, China and elsewhere.



According to the indictment, they exploited vulnerabilities in web servers, web app development suites and software collaboration tools to gain a foothold into networks, sometimes targeting newly announced bugs. Web shells and credential harvesting tools were then deployed to enable remote code execution and persistence.



Data set to be exfiltrated was first packaged into RAR files, but the duo are said to have changed file names and extensions and system timestamps, and hidden documents in recycle bins and other locations, to stay hidden. On some occasions they revisited previously breached organizations years after the event, the DoJ claimed.
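For defenders, the staging behaviour described above (RAR archives given other names and extensions, or parked in recycle bins) can be hunted by checking file content rather than file names. The sketch below is an added example, not taken from the indictment or the original article: the function names, the sample tree and the recycle-bin directory names checked are assumptions for illustration, and it does not cover the timestamp changes.

```python
import os
import tempfile

# Published RAR magic numbers (RAR 1.5-4.x and RAR 5.0+).
RAR_MAGIC = {b"Rar!\x1a\x07\x00": "RAR4", b"Rar!\x1a\x07\x01\x00": "RAR5"}
RAR_EXTENSIONS = {".rar"}
# Recycle-bin directory names on Windows (Vista+ and XP-era); assumed scope.
RECYCLE_DIRS = {"$recycle.bin", "recycler"}

def rar_version(header):
    """Return 'RAR4'/'RAR5' if header starts with a RAR signature, else None."""
    for magic, name in RAR_MAGIC.items():
        if header.startswith(magic):
            return name
    return None

def find_disguised_rar(root):
    """Walk root; report RAR archives that are renamed or sit in a recycle bin."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        in_bin = any(p.lower() in RECYCLE_DIRS for p in dirpath.split(os.sep))
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    version = rar_version(fh.read(8))
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if version is None:
                continue
            renamed = os.path.splitext(name)[1].lower() not in RAR_EXTENSIONS
            if renamed or in_bin:
                findings.append((os.path.relpath(path, root), version, renamed, in_bin))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample files: only the headers matter, bodies are filler."""
    samples = {
        "docs/report.jpg": b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16,          # renamed RAR5
        "$Recycle.Bin/S-1-5-21/a.rar": b"Rar!\x1a\x07\x00" + b"\x00" * 16,  # RAR4 in bin
        "backup/archive.rar": b"Rar!\x1a\x07\x00" + b"\x00" * 16,           # ordinary RAR
        "docs/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,               # JPEG header
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in find_disguised_rar(tmp):
            print(finding)
```

Each finding is a tuple of relative path, RAR version, whether the extension was changed, and whether the file sits under a recycle-bin directory; an ordinary `.rar` outside a recycle bin is not reported.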



The two are charged with conspiring to steal IP from eight companies in the form of technology designs, manufacturing processes, test mechanisms and results, source code and pharmaceutical chemical structures.



Li and Dong would spend decades in prison if caught and convicted, although that’s unlikely to happen as long as they remain in China.