Like the Russian group, the Chinese hackers operated with the assistance of their country’s intelligence agencies. Their interests were broad, covering manufacturing firms, defense contractors, government agencies, game developers and medical device makers; they recently grew to include information about coronavirus vaccine development and other virus-related data.
The suspects also tried to steal other information on Chinese activists for the Ministry of State Security, Beijing’s civilian spy agency, said John C. Demers, the assistant attorney general for national security. The suspects handed over account information and passwords belonging to a Hong Kong community organizer, a former Tiananmen Square protester and a pastor of a Christian church in China.
“You can see by the variety of the hacks that they did how they were being directed by the government,” Mr. Demers said at a news conference at the Justice Department. “Extorting someone for cryptocurrency is not something that the government is usually interested in, nor are criminal hackers usually interested in human rights activists and clergymen.”
The hackers broke into computer networks by researching personal identifying information about employees and customers, which helped them gain unauthorized access, according to law enforcement officials. Once inside, they stole information from pharmaceutical companies about drugs under development and source code from software companies, the indictment said.
Although the Chinese intelligence service in some cases provided them with hacking tools, much of their work relied on more common methods: exploiting publicly known software vulnerabilities.
The hackers also worked to cover their tracks, sometimes in ways that could damage the data they were stealing, for example by renaming the files they downloaded, according to court papers. To further avoid detection, the two hackers worked inside computers’ “recycle bins,” directories that are hidden by default and therefore harder for system administrators to notice.
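The two evasion techniques described above, renaming stolen files and parking them in a recycle-bin directory, both leave a detectable trace: the file's content no longer matches what its name claims. The following script is an added example, not code from the article or from the court filings, that scans a directory tree and flags archive files whose magic bytes disagree with their extension. It assumes the Windows recycle-bin layout (`$RECYCLE.BIN` with per-user SID subfolders) and assumes, for the constructed sample, that the renaming took the form of giving an archive an innocuous image extension; the page itself only says file names were changed.

```python
"""Flag files whose magic bytes disagree with their extension.

Added example: walks a directory tree (such as a Windows $RECYCLE.BIN)
and reports archives that have been renamed to non-archive extensions.
The sample tree and its contents are constructed here for demonstration.
"""
import os
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Leading bytes of common archive formats. RAR has two signatures
# (RAR 4.x and RAR 5.x); the others are single fixed prefixes.
ARCHIVE_MAGIC = {
    "rar": (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"),
    "zip": (b"PK\x03\x04",),
    "7z": (b"7z\xbc\xaf\x27\x1c",),
    "gzip": (b"\x1f\x8b",),
}

# Extensions under which an archive is "allowed" to appear.
ARCHIVE_EXTS = {".rar", ".zip", ".7z", ".gz", ".tgz"}


def detect_archive(path: Path) -> Optional[str]:
    """Return the archive format name if the file starts with a known
    archive signature, otherwise None."""
    with open(path, "rb") as f:
        head = f.read(16)
    for fmt, signatures in ARCHIVE_MAGIC.items():
        if any(head.startswith(sig) for sig in signatures):
            return fmt
    return None


def find_disguised_archives(root: Path) -> List[Tuple[str, str]]:
    """Walk `root` and return (relative_path, format) for every file that
    is an archive by content but does not carry an archive extension."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            fmt = detect_archive(p)
            if fmt and p.suffix.lower() not in ARCHIVE_EXTS:
                hits.append((str(p.relative_to(root)), fmt))
    return sorted(hits)


def build_sample_tree() -> Path:
    """Construct a sample volume in a temp dir (constructed data, not a
    real capture): a $RECYCLE.BIN holding a genuinely recycled text
    file, a real JPEG, and a RAR archive renamed to .jpg, plus an
    honest .zip elsewhere on the volume."""
    root = Path(tempfile.mkdtemp())
    bin_dir = root / "$RECYCLE.BIN" / "S-1-5-21-1111-2222-3333-1001"
    bin_dir.mkdir(parents=True)
    (bin_dir / "$RABCDEF.txt").write_bytes(b"quarterly notes\n")
    # Real JPEG starts with FF D8 FF.
    (bin_dir / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)
    # RAR 5.x archive disguised as an image: this is the one to flag.
    (bin_dir / "vacation.jpg").write_bytes(
        b"Rar!\x1a\x07\x01\x00" + b"\x00" * 32
    )
    user_dir = root / "Users" / "alice"
    user_dir.mkdir(parents=True)
    # Archive with a matching extension: not suspicious by this check.
    (user_dir / "backup.zip").write_bytes(b"PK\x03\x04" + b"\x00" * 32)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for rel_path, fmt in find_disguised_archives(sample_root):
        print(f"disguised {fmt} archive: {rel_path}")
```

On a real system the check would be run against the mounted volume rather than a temp directory, and extended with the other formats an operator expects to see staged for exfiltration; the point of the content-versus-extension comparison is that renaming defeats filename searches but not a look at the bytes.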
Mr. Demers said an attempted breach could slow down research because the affected systems must be secured, and because researchers also must make sure their data has not been corrupted or altered by the intruders. The government officials did not say they had evidence that such manipulation had occurred, however.