The US and UK have taken the unprecedented step of accusing hackers linked to the Chinese government of waging a sustained cyber-campaign focused on large-scale theft of commercial intellectual property.
Two Chinese nationals were charged in the US in relation to a campaign across Europe, Asia and the US that breached Chinese bilateral and international commitments, American prosecutors said.
A US indictment unsealed on Thursday in unison with a series of British statements accused Chinese hackers of obtaining unauthorised access to the computers of at least 45 entities, including commercial and defence technology companies and US government agencies such as Nasa and the US navy.
The UK Foreign Office and the US indictment allege that a group of non-state employees was operating under the direction and protection of China’s main intelligence agency, the ministry of state security. The group was organised more like a corporation than a gang, a UK government official said.
“China’s goal, simply put, is to replace the US as the world’s leading superpower and they’re using illegal methods to get there,” the FBI director, Chris Wray, said at a news conference. The companies targeted by China were a “who’s who” of American businesses, Wray said.
The US justice department accused China of breaking a 2015 pact to curb cyber-espionage for corporate purposes.
One UK official said it was the most serious, persistent and widespread intrusion ever seen of globally significant companies. “The tentacles of the campaign are vast,” the official said.
‘Significant and widespread’
The issue has been raised privately at the highest levels with China for the best part of two years, including by UK prime minister Theresa May, British officials said.
But the hacking had not stopped, which was why the Chinese were being challenged in public, they added.
In the unsealed US indictment, prosecutors accuse Zhu Hua and Zhang Shillong of acting on behalf of China’s ministry of state security to spy on some of the world’s largest companies by hacking into technology firms to which they outsource email, storage and other computing tasks.
Court papers filed in Manhattan federal court say the victims were in a variety of industries from aviation and space to pharmaceutical technology. Prosecutors charge that the hackers were able to steal “hundreds of gigabytes” of data.
The UK foreign secretary, Jeremy Hunt, said: “This campaign is one of the most significant and widespread cyber-intrusions against UK and allies uncovered to date, targeting trade secrets and economies around the world ? These activities must stop.”
Britain said it was taking no immediate punitive action but would lead a government-guided review of major companies’ security in the new year to better protect them.
Over the past few years, as companies around the globe have sought to cut down information technology spending, they have increasingly relied on outside contractors to store and transfer their data.
When a managed service provider is hacked, it can unintentionally provide attackers access to secondary victims who are customers of that company and have their computer systems connected to them, according to experts.
The timing of the action may further escalate tensions between Washington and Beijing after the arrest of Meng Wanzhou, the chief financial officer of Chinese telecommunications giant Huawei Technologies, in Canada at the request of the US. – Agencies