Canada was among 12 countries targeted by two hackers working on behalf of China’s main intelligence agency, U.S. officials said Thursday as they unveiled indictments accusing the two Chinese citizens of cyberespionage.
U.S. officials allege Zhu Hua and Zhang Shillong were members of a group dubbed Advanced Persistent Threat 10 (APT10) and worked for a company called Huaying Haitai in association with the Chinese Ministry of State Security’s Tianjin State Security Bureau.
Court papers filed in Manhattan Federal Court in New York City allege between 2006 and 2018 the hackers were able to breach the computers of more than 45 companies and agencies in a dozen countries, including Canada.
“The indictment alleges that the defendants were part of a group that hacked computers in at least a dozen countries and gave China’s intelligence service access to sensitive business information,” said Deputy Attorney General Rosenstein.
“This is outright cheating and theft, and it gives China an unfair advantage at the expense of law-abiding businesses and countries that follow the international rules in return for the privilege of participating in the global economic system.”
‘Illegal, unethical and unfair’
A poster displayed during a news conference at the Department of Justice in Washington, Thursday, Dec. 20, 2018, shows two Chinese citizens suspected to be with the group AP 10 carrying out an extensive hacking campaign to steal data from U.S. companies. The Justice Department is charging two Chinese citizens with carrying out an extensive hacking campaign to steal data from U.S. companies. (AP Photo/Manuel Balce Ceneta)
The hackers are alleged to have targeted a variety of industries — including aviation, telecommunications, pharmaceuticals and natural resources.
Prosecutors say they also compromised the names, Social Security numbers and other personal information of more than 100,000 U.S. Navy personnel.
“No country should be able to flout the rule of law – so we’re going to keep calling out this behavior for what it is: illegal, unethical, and unfair,” said FBI Director Wray.
In one case, according to the indictment, the APT10 Group obtained unauthorized access to the computers of an unnamed service provider that had offices in New York state and then compromised the data of the provider and clients in Canada, the United States, Britain, Brazil, Finland, France, Germany, India, Japan, Sweden, Switzerland and the United Arab Emirates.
The victims included a global financial institution, three telecommunications or consumer electronics companies, three manufacturing firms, two consulting companies, and businesses involved in healthcare, biotechnology, mining, automotive supply and drilling, U.S. authorities said, without naming the companies.
The office of Public Safety Minister Ralph Goodale and Global Affairs Canada had no immediate comment on the U.S. charges.
With files from The Associated Press
For reasons beyond our control, and for an undetermined period of time, our comment section is now closed. However, our social networks remain open to your contributions.