U.S. authorities prosecute Chinese cybercriminals in hacking cases targeting more than 100 companies and institutions



The U.S. Department of Justice announced on September 16, 2020 that it had charged five Chinese nationals accused of hacking more than 100 companies and institutions, including social media and video game companies, universities and telecommunications providers. The five suspects are still on the run, but a Malaysian businessman who colluded with them was reportedly arrested in Malaysia in September and is being handed over.

Seven International Cyber Defendants, Including “Apt41” Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally | OPA | Department of Justice

https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computer

US charges 5 Chinese citizens in global hacking campaign
https://apnews.com/abe63876eedc5a95c90a37ca88024809



Five people were indicted: Zhang Haoran, Tan Dailin, Jiang Lizhi, Qian Chuan, and Fu Qiang, all of whom are Chinese. The five were involved in hacking targeting various companies, academics and research institutes, which was carried out by the China-based hacker group 'APT41'.

The Justice Department did not say that the hackers were directly tied to the Chinese government, but officials interviewed by the Associated Press said it was likely that the hackers were acting as agents of the Chinese government. This is because, although the series of hacks also included attacks aimed at financial gain, the targets included not only for-profit companies but also democracy activists and students at Taiwanese universities.

'Hackers seeking profits don't hack groups that support democracy,' said Michael Sherwin, federal prosecutor in the District of Columbia. The hackers are indicated to be at least indirectly associated with the Chinese government, as some of the targets overlap with those of traditional espionage. In addition, one of the five indicted has close ties to China's Ministry of State Security and is believed to be protected by the Chinese government.

Deputy Attorney General Jeffrey Rosen has accused the Chinese government of protecting cybercriminals who cooperate with it. All five Chinese suspects are on the run, but two Malaysians allegedly involved in hacking the video game industry in conspiracy with the five were arrested in September 2020, and the procedure to hand them over is said to be in progress.



Two Iranians were also charged with hacking computer networks in the United States, Europe and the Middle East on September 16, the same day the Chinese suspects were charged.

Two Iranian Nationals Charged in Cyber Theft Campaign Targeting Computer Systems in United States, Europe, and the Middle East | OPA | Department of Justice
https://www.justice.gov/opa/pr/two-iranian-nationals-charged-cyber-theft-campaign-targeting-computer-systems-united-states

Iranian nationals indicted in hacking of US networks - POLITICO
https://www.politico.com/news/2020/09/16/iranian-nationals-indicted-hacking-us-networks-416235



According to the Federal Attorney's Office, those indicted are Hooman Heidarian and Mehdi Farhadi, who live in Hamadan, Iran. The attacks carried out by the two men can be traced back to 2013, targeting higher education institutions, human rights activists, telecommunications companies, the media, and the defense contracting industry.

The victims were in countries such as the United States, United Kingdom, Israel, Saudi Arabia, and Afghanistan. The two stole sensitive national security and nuclear information, personal financial information, intellectual property, and other data, and sold it on the market to customers, including the Iranian government. The two have also been charged with destroying websites belonging to, among others, dissidents inside Iran and adversaries of the Iranian government abroad.

Also on September 16, two Russians were indicted and sanctioned at the same time for stealing $17 million worth of cryptocurrencies in phishing attacks in 2017 and 2018.

Treasury Sanctions Russian Cyber Actors for Virtual Currency Theft | US Department of the Treasury
https://home.treasury.gov/news/press-releases/sm1123

Two Russians Charged in $17M Cryptocurrency Phishing Spree — Krebs on Security
https://krebsonsecurity.com/2020/09/two-russians-charged-in-17m-cryptocurrency-phishing-spree/



Russian defendants Danil Potekhin and Dmitrii Karasavidi are said to have created a fake website that mimics the login pages of cryptocurrency exchanges Binance, Gemini and Poloniex and to have stolen virtual currency worth a total of $16.8 million. It has been pointed out that the stolen cryptocurrency was laundered through another account, and that the large amount of cryptocurrency obtained was used to manipulate prices and further increase profits.

The Justice Department has charged two people with being involved in advanced phishing and money laundering. At the same time, the US Treasury also announced economic sanctions on the two, freezing property and banning transactions.

Posted by log1h_ik