On July 7th, the United States Department of Justice (DOJ) filed a criminal indictment against Chinese cyber-criminals who acted as both self-employed criminals and employees of the Chinese Ministry of State Security (MSS).
Their names are Li Xiaoyu and Dong Jiazhi both are former classmates and chums. They attended an electrical engineering college in Chengdu, China. Li and Dong worked as a tag team to combine their technical training to hack the computer networks of a wide variety of victims. They included companies engaged in high tech manufacturing; civil, industrial, and medical device engineering. The theft didn’t stop there! They stole and replicated intellectual property and important trade secrets from businesses in the educational, and gaming software development; solar energy; and pharmaceutical sectors. Their stolen booty included information about military satellites and ship to helicopter integration systems, wireless networks, communications systems, high powered microwave systems, laser system technology, counter chemical intelligence, and finally, COVID-19 vaccine bio-development information. They left no stone unturned and literally left their criminal digital fingerprints everywhere.
The United States Department of Justice (DOJ) indictment includes 27 pages of a long laundry list of cyber-criminal attacks starting from 2015. Li and Dong were elevated to the top of the list when they were recently discovered looking for vulnerabilities of certain biotech and pharmaceutical companies who are researching and developing Coronavirus / COVID-19 vaccines.
Basically, China is using their students as cybercriminals to steal, and copy their way to technological advancement instead of developing their own. How did they gain such vital and important information?
Li and Dong used web shells, particularly one called “China Chopper.” This widely available and easy to use hacking tool provided the attackers with remote access to targeted business networks. They would also run credential-stealing software to grab user names and passwords. By creating easy access into a victim’s systems, they would copy the data they wanted to steal into an encrypted Roshal Archive Compressed file (RAR). Like other archives, the RAR file is a data container storing one or several files in compressed form. Windows Operating Systems has a default setting that allows a folder to be created and stored where the “Recycle Bin” is located, making it almost invisible to system administrators. Li and Dong operated within the “Recycle Bin” and create extensions such as “.jpg” to make those files appear as images. Thus, disguising the stolen data. The Ministry of State Security (MSS) allegedly provided the two with Zero Day hacking tools that could be used to penetrate corporate networks.
Once they stole the data they would bring it back to China and either sell it to the highest bidder or as directed and allegedly provide it to the MSS. After they breached a company they would go back and re-victimize the same company or organization they attacked in the first place. In addition to hacking and extorting U.S. technology companies, the two allegedly attacked messaging platform tools favored by Hong Kong protestors. The attackers appear to have motivations other than pure financial extortion strengthening the DOJ’s position that the attackers are connected to the MSS.