DOJ indicts Chinese, Malaysian hackers accused of targeting over 100 organizations

The Justice Department on Wednesday announced indictments against five Chinese and two Malaysian individuals for allegedly targeting and hacking more than 100 companies in the U.S. and around the world.

The five Chinese nationals, part of a hacking group known as “APT41,” were charged with targeting video game companies, telecommunications groups, social media platforms, computer hardware manufacturers, foreign governments, universities, think tanks and pro-democracy activists in Hong Kong, while two Malaysian nationals were taken into custody for conspiracy in some of the attacks.

In addition, the Justice Department announced that the U.S. Attorney’s Office for the District of Columbia had issued warrants to seize hundreds of accounts, servers and domain names used by the alleged hackers to conduct attacks. The agency noted that Microsoft assisted by implementing measures to block the hackers from accessing networks, and that Facebook, Verizon and Google had also assisted in the effort.

“Today’s charges, the related arrests, seizures of malware and other infrastructure used to conduct intrusions, and coordinated private sector protective actions reveal yet again the department’s determination to use all of the tools at its disposal and to collaborate with the private sector and nations who support the rule of law in cyberspace,” Assistant Attorney General John Demers said in a statement. “This is the only way to neutralize malicious nation state cyber activity.”

While law enforcement officials did not directly attribute the attacks to the Chinese government, Michael Sherwin, the acting U.S. attorney for the District of Columbia, told reporters Wednesday that some of the Chinese nationals indicted carried out the attacks with the confidence that the Chinese government would not move against them.

“They were working for personal gain, but they also were proxies for the Chinese government,” Sherwin said.

The Justice Department on Wednesday announced indictments against two Iranian nationals for allegedly targeting and stealing sensitive data from groups in the United States, Europe and the Middle East, in some cases with Iranian government support.

Hooman Heidarian and Mehdi Farhadi are accused of stealing hundreds of terabytes of data, in some cases at the direction of Tehran, beginning in 2013 from groups including American and foreign universities, a Washington, D.C.-based think tank, a defense contractor, an aerospace organization and other groups seen as adversarial to Iran.

Heidarian and Farhadi are alleged to have stolen data including communications on national security, foreign policy intelligence, nuclear information, human rights activism and financial information.

According to the Department of Justice, the targeting affiliated with the Iranian government included hacking computer systems connected to Iranian dissidents, human rights groups and opposition leaders.

The two are also accused of vandalizing websites by defacing them with pro-Iranian-government messages, and are alleged to have used multiple methods to gain access to networks, including developing a botnet to spread malware and spam their targets.