Threat Watch

Two Chinese Hackers Charged with Global Computer Intrusion

Two Chinese hackers were indicted earlier in July by a grand jury in Spokane, Washington. Li Xiaoyu, age 34, and Dong Jiazhi, age 33, were charged with hacking into the computer systems of companies, government and non-government organizations, clergy, individual dissidents, and Human Rights activists. The attacks occurred throughout the world including Japan, the United States, Australia, Belgium, Germany, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom. Industries infected in the attacks over the last ten years ranged from high tech manufacturing, medical devices, civil and industrial engineering, business, education, gaming software, solar energy, pharmaceutical, and defense. The two hackers carried out attacks for personal financial gain as well as for the benefit of the Chinese government. According to the indictment, the two that were charged exploited publicly known software vulnerabilities in popular web server software, web application development suites, and software collaboration programs. Some of the exploited vulnerabilities that were used were new at the time, which would have made it hard for victims to protect themselves. After initial infection, the attackers placed malicious web shell programs and credential-stealing software on the infected devices. The attackers were trained in computer application technologies at the same electrical engineering college in Chengdu, China.

ANALYST NOTES

It is common for countries including Russia, China, and North Korea to recruit people from their universities. Countries persuade these recruits to be on call to carry out attacks in the interest of the nation-state. In return, the recruits do not get in trouble when carrying out attacks for personal gain. Attacks from actors like this that exploit vulnerabilities are an example of why it is important to patch systems as soon as possible. Most new vulnerabilities have a patch released relatively quickly and should be installed immediately. The press release mentioned that some targeted companies quickly detected and thwarted the attacks, while others were unaware that an intrusion was ongoing until informed by the FBI.

More can be read here: https://www.justice.gov/opa/pr/two-chinese-hackers-working-ministry-state-security-charged-global-computer-intrusion