Two Chinese hackers face charges for stealing data in about a dozen countries, including the US. The hacking group took a massive amount of US data from government agencies such as NASA, the US Navy, and the Department of Energy. They also targeted 45 tech companies in the country.
The US companies that became victims of this massive breach of data include those in aviation, oil and gas drilling, and communications technology.
Updated on 28 November 2022
Who are these Chinese hackers?
These Chinese hackers are known as Advanced Persistent Threat 10 (APT 10) and aimed to steal intellectual property and commercial data. The two hackers, identified as Zhang Shilong and Zhu Hua, worked with many other hackers to obtain sensitive government and commercial information. The US Navy took the worst hit, as the group obtained “personally identifiable information” of more than 100,000 Navy personnel.
The US and the UK have taken legal action against this data breach. Zhang and Zhu are now wanted by the FBI.
Are they working with the Chinese government?
According to a statement by Deputy Attorney General Rod Rosenstein, the hacking group gave Chinese intelligence access to this sensitive information. The hackers worked with the Chinese government to infiltrate over 90 computers that belong to US government agencies. According to the court papers, commercial and defense tech companies located in about a dozen states were also affected by the data breach.
Deputy Atty. Rosenstein says that this was “outright cheating and theft” done by China against law-abiding businesses and countries. China has violated international rules that many countries follow in order to participate in the global economic system.
How did the hackers do it?
These hackers, also known as Stone Panda or POTASSIUM, stole sensitive information in a campaign that started way back in 2006. The technique they used is spear-phishing: sending emails with malicious attachments that install malware on the recipient's computer. If the attachment is opened, the malware can gain access to usernames, passwords, and other data on the computer.
Spear-phishing is a targeted attack aimed at organizations or individuals to gain unauthorized access to information. Unlike the ordinary phishing scams by random hackers, spear-phishing is done to obtain trade secrets, financial gain, and military information.
Although the purpose is different, it works much like ordinary phishing. An email is sent to the target and made to look like it came from a legitimate source. It could appear to come from someone with authority in the company, so that the targets are sure to click on it.
What makes spear-phishing different is that it takes time to conduct. The hacker gathers information about the target first so that they can personalize the email. This makes it more believable, which is why it is almost always successful.
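The traits described above (a sender made to look like an authority inside the company, plus a malicious attachment) can be checked mechanically on the receiving side. The following Python check is an added example, not part of the original article; the organization domain, executive name, extension list and sample message are constructed assumptions.

```python
# Added example: defensive triage of one message; all names and values below are constructed.
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN = "example-corp.test"     # assumed: the defender's own mail domain
EXECUTIVES = {"jane doe"}            # assumed: display names attackers are likely to borrow
RISKY_EXT = re.compile(r"\.(exe|scr|js|vbs|hta|lnk|iso|docm|xlsm)$", re.I)

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw: bytes) -> list:
    """Return a list of reasons this message deserves a closer look."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    name, _ = parseaddr(str(msg.get("From", "")))
    from_dom = domain_of(str(msg.get("From", "")))
    if name.strip().lower() in EXECUTIVES and from_dom != ORG_DOMAIN:
        findings.append("display-name-impersonation")
    reply_dom = domain_of(str(msg.get("Reply-To", "")))
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    # Only trust Authentication-Results stamped by your own receiving MTA.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if re.search(r"\b(spf|dkim|dmarc)=fail\b", auth):
        findings.append("sender-auth-failed")
    for part in msg.iter_attachments():
        if RISKY_EXT.search(part.get_filename() or ""):
            findings.append("risky-attachment:" + part.get_filename())
    return findings

def sample_message() -> bytes:
    """Constructed lookalike-domain message (digit 1 in place of the letter l)."""
    m = EmailMessage()
    m["From"] = "Jane Doe <jane.doe@examp1e-corp.test>"
    m["To"] = "staff@example-corp.test"
    m["Reply-To"] = "jane.doe@mail-relay.test"
    m["Subject"] = "Updated personnel roster"
    m["Authentication-Results"] = "mx.example-corp.test; spf=fail; dmarc=fail"
    m.set_content("Please review the attached roster today.")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="roster.pdf.exe")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

A message that raises none of these flags is not proven safe; the checks only surface the impersonation and attachment signals the article describes.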
What other countries were also hacked?
Aside from stealing UK and US data, the group also stole sensitive information from companies in Japan, the UAE, France, Germany, and Brazil.
To avoid falling prey to spear-phishing attacks, seminars are conducted, especially in government agencies and companies. Employees are taught to spot malicious emails before they can infiltrate the system.