The Department of Justice on Wednesday announced that it had charged five Chinese citizens allegedly involved in an “unprecedented” hacking campaign that involved the theft of code, customer data and valuable business data and affected more than 100 companies and institutions across the globe.
“The scope and sophistication of the crimes in these unsealed indictments is unprecedented,” Michael R. Sherwin, acting U.S. attorney for the District of Columbia, said in a statement announcing the charges.
The charges are related to the activities of a group known as “Advanced Persistent Threat (APT)-41” and a related group involving members of the group.
Two businessmen in Malaysia were also accused of conspiring with the alleged hackers to profit from attacks on video game companies. The DOJ said the scheme involved hackers in both China and Malaysia and included the targeting and use of gaming platforms to defraud companies.
“As set forth in the charging documents, some of these criminal actors believed their association with the PRC provided them free license to hack and steal across the globe,” Sherwin said.
Officials said Beijing had turned a blind eye to the alleged criminal activity by its citizens as long as the perpetrators didn’t target Chinese companies.
“Regrettably, the Chinese Communist Party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China,” Deputy Attorney General Jeffrey Rosen said in a statement.
The indictments are part of a broader effort by the Trump administration to call out Chinese cybercrimes. In July, prosecutors accused Chinese hackers of targeting firms working on coronavirus vaccines.
Last month, White House national security adviser Robert O’Brien said Chinese government-linked hackers have been targeting U.S. election infrastructure before the November election. China has denied claims that it hacked U.S. government agencies.
“I’ve been up here too often. We’re here today to tell hackers and government officials that turned a blind eye, their actions are once again unacceptable and we’ll call them out for it,” FBI Deputy Director David Bowdich said in a press conference.
Bowdich told reporters that catching hackers was like a game of whack-a-mole -- one hacker group is caught, then another is on the run.
The DOJ said in a press release that the intrusions “facilitated the theft of source code, software code signing certificates, customer account data, and valuable business information.”
The scheme also allegedly supported other criminal schemes involving ransomware and crypto-jacking, in which compromised computers are used to mine cryptocurrency.
In addition to the warrants, the DOJ said it had issued seizure warrants that resulted in officials grabbing hundreds of accounts, servers, domain names and other tools used by hackers.
Law enforcement also worked with a number of private sector partners, including Microsoft, Google and Facebook, to neutralize the structures used by APT-41.
Fox News’ David Spunt and The Associated Press contributed to this report.