by Sean Gallagher, arstechnica.com
China hacked more than 245 companies and agencies, including US Navy and NASA.
In a press conference this morning, Deputy Attorney General Rod Rosenstein and FBI Director Christopher Wray announced indictments of two Chinese men connected with China’s Ministry of State Security and the hacking group known as APT 10. The two are accused of being responsible for a recent wave of attacks on managed service providers (MSPs) that ultimately targeted both companies and government agencies in 12 countries, including the US. More than 245 organizations were attacked, including NASA labs and US Navy networks. The two are also accused of stealing the Social Security numbers and other personal data of more than 100,000 Navy service members.
“The defendants allegedly compromised MSPs in 12 countries,” Rosenstein said, targeting their customers across a breadth of industries. “The defendants committed these crimes in connection with the Ministry of State Security.”
The actions, Rosenstein said, are in direct violation of China’s 2015 agreement with the US to end economic cyber-espionage and other commitments China made to members of the G-20 economic group and the world community. “China promised to stop, but this activity violates the commitment they made,” he said. “We want China to cease illegal cyber activities and honor its commitments, but the evidence suggests they will not.”
This is not the first time, he noted. “More than 90 percent of cases involving alleged economic espionage involve China,” Rosenstein said, as do two-thirds of investigations involving theft of intellectual property. Rosenstein said that China’s continued hacking activities are “unacceptable” and that the US and its allies are united in “responding to China’s economic aggression.”