The US Justice Department has charged three Chinese citizens with hacking at least three US firms - Siemens, Moody's Analytics and Trimble – between 2011 and 2017. According to US authorities, the three men were employed at a Chinese security firm called Boyusec, which acted as a front for the activities of an elite Chinese cyberespionage group called APT3.
The US Justice Department charged Wu Yingzhuo with hacking Trimble, Dong Hao with hacking Siemens and Xia Lei with hacking Moody's Analytics. US authorities linked Boyusec to APT3, also known as Gothic Panda, Pirpi and UPS, which is believed to have ties to China's spy agency.
According to a recently unsealed eight-count indictment, Both Wu and Dong are founding members and shareholders of Boyusec, while Xia was an employee. The three have been accused of stealing confidential, intellectual property data from US firms, as well as sensitive employee credentials like usernames and passwords.
APT3 – an elite cyberespionage group
US authorities refrained from mentioning whether the three hackers charged worked on behalf of the Chinese government. However, the indictment hints at a link with APT3, which the infosec community considerers to be one of the most notorious active cyberespionage groups. The hacker group has previously been observed going after Beijing's political adversaries in Hong Kong.
Researchers have also previously observed the group launching zero-day attacks against targets. One report by Recorded Future suggested that Boyusec was a government contractor that operated under the Chinese Ministry of State Security and that the group's "activities support China's political, economic, diplomatic, and military goals".
What did the hackers steal?
Trimble: - According to the Justice Department's indictment, between 2015 and 2016, when Trimble was developing a Global Navigation Satellite Systems technology to boost GPS services on mobile phones, Wu broke into the firm's network to steal trade secrets pertaining to the project. US authorities said Wu and his co-conspirators stole at least 275MB of data.
Siemens:- Between 2014 and 2015, Dong and his co-conspirators accessed Siemens' network to steal nearly 407GB of the firm's proprietary information.
Moody's Analytics: - In 2011, Xia and his co-conspirators broke into Moody's Analytics internal email server and placed a forwarding rule on the account of a prominent employee. This ensured that all emails to and from the employee's account were directed to another email account controlled by the hackers. Xia and the other hackers later accessed the firm's confidential data using the stolen emails.
Despite the US officially charging the three hackers, it remains uncertain whether they will face any jail time. The three are currently believed to be still residing in China and at large.
"The incidents described in the court documents indicate a breach of the 2015 Obama-Xi agreement not to engage in 'cyber-enabled theft of intellectual property,'" Elsa B Kania, an adjunct fellow at the Center for a New American Security, told ArsTechnica. "This indictment could reflect an intensification of US pressure for China to come back into compliance with the agreement, after initial warnings seem to have gone unheeded."