At a press conference held Monday (5/19), U.S. National Security Attorney General Eric Holder announced charges against five Chinese military hackers for cyber espionage targeting the U.S. private sector for commercial gain.
The indictment alleges members of unit 61398 of the Chinese military conspired to hack into the computers of U.S. businesses targeting information in industries ranging from nuclear power, to renewable energy, to steel.
“Today, we are announcing an indictment against five officers of the Chinese People’s Liberation Army for serious cybersecurity breaches against six American victim entities,” said Holder to reporters. “These represent the first ever charges against known state actors for infiltrating U.S. commercial targets by cyber means.
According to the U.S. Department of Justice, the Chinese military hackers colluded to access information from the computers of six U.S. businesses to steal information that would benefit the victim’s competitors, including Chinese state-owned enterprises. In some cases, the indictment alleges, the conspirators stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen. In other cases, it alleges, the conspirators also stole sensitive, internal communications that would provide a competitor, or an adversary in litigation, with insight into the strategy and vulnerabilities of the American entity.
“The indictment makes clear that state actors who engage in economic espionage, even over the Internet from faraway offices in Shanghai, will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law,” concluded Holder before handing the conference over to Assistant Attorney General John Carlin.
In follow up, Carlin provided additional details concerning the indictment and highlighted the action provided the “hard evidence” Chinese officials have publically challenged the U.S. to present in response to concerns over suspected cyber espionage.
“For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses,” said Carlin. “This indictment describes, with particularity, specific actions on specific days by specific actors to use their computers to steal information from across our economy.”
The victims named in the indictment are Westinghouse Electric Co., Alcoa World Alumina, Allegheny Technologies Inc., U.S. Steel Corp., United Steelworkers Union, and SolarWorld. Defendants in the case are Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, who were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army.
The indictment alleges that Wang, Sun, and Wen, among others known and unknown to the grand jury, hacked or attempted to hack into U.S. entities named in the indictment, while Huang and Gu supported their conspiracy by, among other things, managing infrastructure (e.g., domain accounts) used for hacking from at least 2006 to April of 2014.
View the full indictment here: US v. Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui