Federal prosecutors on Wednesday announced charges against five Chinese hackers accused of breaching more than 100 companies, think tanks, universities and government agencies around the world.
Through these intrusions, the hackers stole source code, customer data and other “valuable business information,” the Justice Department said in a statement. They also allegedly used their access to victim networks for ransomware and cryptocurrency mining schemes.
The hackers worked as part of a group that researchers refer to as APT41 and “Wicked Panda.”
The announcement reflects what U.S. officials say is China’s unmatched campaign of digital espionage against the U.S., from ravenous intellectual property theft to mass breaches of sensitive personal data for counterintelligence purposes.
One of the defendants boasted of his ties to China’s Ministry of State Security, according to an indictment.
Beijing, like other major cyber powers, has increasingly turned to criminal hacker groups to further its objectives in what law enforcement officials call a “blended threat.” These government-directed but privately conducted operations are designed to give the regime plausible deniability while still letting the security services control the process.
In addition to two indictments covering the hackers, a federal grand jury in Washington, D.C., also indicted two Malaysian businessmen accused of profiting from some of the hackers’ intrusions into multiple video game companies. Malaysian authorities arrested both men on Monday.