The US Department of Justice (DOJ) has indicted two Chinese hackers for breaking into hundreds of computer systems belonging to American companies and stealing trade secrets, including research on COVID-19 vaccines.
Assistant Attorney General for Homeland Security John Demers stated at a press conference in Washington that the two Chinese hackers, LI Xiaoyu (李啸宇), 34, and DONG Jiazhi (董家志), 33, are also accused of attacking human rights activists in the United States and Hong Kong.
According to the reports, these hackers sometimes worked for their own personal gain and at other times worked for the Chinese security services.
The indictment alleges that LI Xiaoyu and DONG Jiazhi worked with the Guangdong Department of State Security (GSSD) of the Ministry of State Security (MSS).
The cybercrimes conducted by the Chinese government's intelligence services endanger not only the United States but other countries as well.
The hackers mainly targeted technology sectors such as robotics, aircraft construction, shipbuilding, biotechnology, and renewable energy.
Recently, however, they have shifted their focus to companies engaged in the development and testing of COVID-19 vaccines.
Hackers Target the Unpatched Flaws in Web Apps
In this incident, the hackers infiltrated the networks of targeted companies through known security flaws in popular web server software, web application development kits, and collaboration software. They took advantage of applications that had been misconfigured, and in some cases exploited newly disclosed vulnerabilities that had not yet been patched.
Apart from this, John C. Demers, the Assistant Attorney General for National Security, said that "China has now taken its place, alongside Russia, Iran, and North Korea, as they provide a safe shelter for cybercriminals, so that they can work for the benefit of the state; like to satisfy the greedy hunger of the Chinese Communist Party for American and other non-Chinese companies' hard-earned intellectual property, including COVID-19 research."
Hackers used China Chopper
Once inside the compromised networks, the hackers installed malicious web shells such as China Chopper, along with malware that harvested every credential available on the affected systems.
To conceal the stolen data and evade detection, they archived it into RAR files and then renamed those archives and the victims' documents, changing the extension from .rar to .jpg.
They also altered system timestamps and hid their programs and documents in trusted locations such as the Recycle Bin on the victim's network. For wire fraud and related offences, LI Xiaoyu and DONG Jiazhi face sentences of up to 40 years.
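As an added defensive example, not taken from the indictment or from this article, the Python check below flags files that carry an image extension but begin with an archive signature, which is how the .rar-to-.jpg renaming described above can be caught on disk. The file names and contents are constructed samples; the magic-byte prefixes for RAR, ZIP, 7z, JPEG and PNG are the standard ones.

```python
import tempfile
from pathlib import Path

# Standard file signatures (magic bytes). RAR4 and RAR5 share the prefix
# "Rar!\x1a\x07"; the article describes RAR archives renamed to .jpg.
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07": "rar",
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
}
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
}
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png"}


def classify(header: bytes) -> str:
    """Return the real format of a file judged from its leading bytes."""
    for magic, name in {**ARCHIVE_MAGIC, **IMAGE_MAGIC}.items():
        if header.startswith(magic):
            return name
    return "unknown"


def find_disguised_archives(directory: str) -> list[str]:
    """Names of files whose extension claims an image but whose content is an archive."""
    hits = []
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file() or path.suffix.lower() not in IMAGE_EXTENSIONS:
            continue
        header = path.read_bytes()[:16]          # signatures all fit in 16 bytes
        if classify(header) in ARCHIVE_MAGIC.values():
            hits.append(path.name)
    return hits


def build_sample_dir() -> str:
    """Constructed samples (not real evidence): a JPEG, a RAR renamed .jpg, a PNG, a real .rar."""
    d = tempfile.mkdtemp(prefix="disguised-rar-demo-")
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,          # genuine JPEG header
        "report.jpg": b"Rar!\x1a\x07\x01\x00" + b"\x00" * 32,     # RAR5 header, fake extension
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,          # genuine PNG header
        "backup.rar": b"Rar!\x1a\x07\x00" + b"\x00" * 32,         # RAR4 header, honest name
    }
    for name, content in samples.items():
        (Path(d) / name).write_bytes(content)
    return d


if __name__ == "__main__":
    print(find_disguised_archives(build_sample_dir()))   # prints ['report.jpg']
```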