The US Department of Justice (DOJ) on Tuesday announced the indictment of two hackers, Li Xiaoyu and Dong Jiazhi, for attempting to steal COVID-19 research. Both hackers currently work for Guangdong Province International Affairs Research Center in China.
The indictment alleges that the two have been stealing terabytes of data over the course of 10 years. Most recently, they researched vulnerabilities in the biotech firms’ networks, firms known to be researching COVID-19 vaccines, treatments and technology. Further, the indictment alleges that the hackers stole hundreds of millions of dollars worth of trade secrets.
In his statement on the indictment, Assistant Attorney General for National Security John Demers said:
China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being “on call” to work for the benefit of the state. … Cybercrimes directed by the Chinese government’s intelligence services not only threaten the United States but also every other country that supports fair play, international norms, and the rule of law.
Demers’ statement detailed the 11 counts against Xiaoya and Jiazhi, in which they targeted at least eight companies. Ultimately, the hackers sought technology designs, manufacturing processes, test mechanisms and results, source code and pharmaceutical chemical structures.
Xiaoya and Jiazhi allegedly stole the data both for personal gain and on behalf of China’s Ministry of State Security.
The indictments come approximately a month after the FBI and the Cybersecurity and Infrastructure Security Agency released a joint alert warning that hackers, backed by China, were seeking “public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.”