Chinese Firm Behind Alleged Hacking Was Disbanded This Month

By Josh Chin, Dow Jones Newswires

A Chinese internet security firm that researchers say is behind sophisticated attacks on Western energy and defense companies disbanded this month amid U.S. accusations that some of its shareholders were involved in hacking and theft of trade secrets.

A U.S. Department of Justice indictment unsealed Monday alleged that three Chinese nationals hacked into the emails of a Moody's Analytics economist and stole confidential business information from German engineering giant Siemens AG.

The indictment identified the three as employees of Guangdong Bo Yu Information Technology Co., also known as Boyusec. Filings with a government-run credit database show that Boyusec was deregistered Nov. 17. The filings also list two of those named in the indictment, Dong Hao and Wu Yingzhuo, as among Boyusec's primary shareholders.

Messrs. Dong and Wu couldn't be reached for comment Tuesday. Boyusec's listed phone number rang unanswered, and an email to a company address didn't immediately elicit a response.

U.S.-based cybersecurity firms FireEye and Recorded Future link Boyusec to a Chinese hacking group, known as APT3 or Gothic Panda, that has targeted Western businesses, governments and defense companies by using previously undiscovered security holes in software, known as zero-day exploits.

"APT3 is a capable operator, carrying out cyber-espionage activity against a wide range of targets, though their activity has decreased in recent years," said Bryce Boland, Asia Pacific chief technology officer at FireEye.

Monday's indictment is the first filed by the U.S. since Chinese President Xi Jinping and then-U.S. President Barack Obama reached an agreement in 2015 that their governments wouldn't direct or support hacking for commercial purposes.

U.S. officials sought China's assistance in halting Boyusec's activities in October but received "no meaningful response" and so decided to make the charges public, a Justice Department spokesman said Monday.

A spokesman for China's Foreign Ministry said at a regular news briefing Tuesday that he wasn't aware of the situation surrounding Boyusec, but said China is "resolutely opposed" to cyberhacking in any form.

According to the U.S. indictment, Messrs. Dong and Wu, along with another Chinese national, Xia Lei, targeted a Moody's economist's emails in 2011. The indictment provided numerous details about the economist in question, and they closely match the background of Moody's chief economist Mark Zandi. Mr. Zandi declined to comment and referred questions Monday to a Moody's spokesman, who declined to comment on its economist. Mr. Xia couldn't be reached for comment.

In 2015 and 2016, the alleged hackers also stole information from Siemens's energy, technology and transportation businesses and from the networks of GPS developer Trimble Inc., the indictment said.

A Siemens representative said the company doesn't comment on "internal security matters" but that it "rigorously" monitors its networks.

A representative for Trimble said the company had responded to the attempted hacks and determined they had "no meaningful impact" on its business.

Beyond links to hacking group APT3, Recorded Future said Boyusec has indirect ties to China's main intelligence agency, the Ministry of State Security. On its website, Boyusec lists a partnership with a provincial branch of the China Information Technology Security and Evaluation Center, a government information security product-certification agency.

In "China and Cybersecurity," a 2015 book published by Oxford University Press, political scientist Jon R. Lindsay identified the agency as conducting vulnerability testing on behalf of the Ministry of State Security. The agency's Communist Party secretary, Wu Shizhong, also previously served as head of the ministry's technology office, according to government records and a presentation at a conference held at China's Northeast University in 2013.

Neither the China Information Technology Security and Evaluation Center nor the Chinese internet regulator responded to requests for comment. The Ministry of State Security doesn't accept media inquiries.

Write to Josh Chin at josh.chin@wsj.com

Corrections & Amplifications

Story corrected at 10:47 p.m. Original incorrectly stated Guangdong Bo Yu was deregistered Nov. 11 in the third paragraph.

Guangdong Bo Yu Information Technology Co., also known as Boyusec, was deregistered Nov. 17. "Chinese Firm Behind Alleged Hacking Was Disbanded This Month," at 1504 GMT, incorrectly stated it was deregistered Nov. 11 in the third paragraph. (Nov. 29)

November 28, 2017 23:00 ET (04:00 GMT)