APT41 hackers and other cybercriminals are charged with computer crimes, including intellectual property (IP) theft, ransomware attacks, and crypto-jacking.
According to the U.S. Department of Justice (DOJ), a federal grand jury in Washington, D.C., charged seven international hackers with cybercrimes in three separate indictments in August 2019 and August 2020.
Two Malaysian citizens, Zhang Haoran and Tan Dailin, have been charged in a 25-count indictment. Three Chinese nationals, Jiang Lizhi, Qian Chuan, and Fu Qiang, are charged in a 9-count indictment. And two other Chinese nationals, Wong Ong Hua and Ling Yang Ching, were charged in a 25-count indictment.
Defendants used sophisticated and troubling cyber-criminal scheme
“The scope and sophistication of the crimes in these unsealed indictments are unprecedented. The alleged criminal scheme used actors in China and Malaysia to illegally hack, intrude and steal information from victims worldwide,” Michael R. Sherwin, Acting U.S. Attorney for the District of Columbia, said in a statement.
“As set forth in the charging documents, some of these criminal actors believed their association with the PRC provided them free license to hack and steal across the globe. This scheme also contained a new and troubling cyber-criminal component, the targeting and utilization of gaming platforms to both defraud video game companies and launder illicit proceeds.”
The list of victims is extensive. The hackers have been linked to computer crimes that have impacted over 100 companies, individuals, and organizations in the United States, South Korea, Singapore, Japan, Australia, and many other countries around the world.
The defendants allegedly hacked software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.
Five of the defendants are citizens of the People’s Republic of China (PRC), where they are living as fugitives. And one of the PRC hackers has allegedly boasted of his connections to the Chinese Ministry of State Security.
The DOJ is determined to neutralize malicious nation-state cyber activity
The computer crimes have been tracked using the threat labels APT41, Barium, Winnti, Wicked Panda, and Wicked Spider. The intrusions tracked under these labels involved the theft of source code, software code signing certificates, customer account data, and valuable business information.
The hackers were allegedly involved in racketeering and other crimes. This includes ransomware attacks and crypto-jacking, in which a group hacks into a victim’s computer to “mine” cryptocurrency.
“Today’s charges, the related arrests, seizures of malware and other infrastructure used to conduct intrusions, and coordinated private sector protective actions reveal yet again the department’s determination to use all of the tools at its disposal and to collaborate with the private sector and nations who support the rule of law in cyberspace,” Assistant Attorney General John C. Demers said. “This is the only way to neutralize malicious nation-state cyber activity.”
The Malaysian connection
Two defendants have been arrested in Malaysia, where they are currently being held for extradition. The two Malaysian businessmen are accused of conspiring with two of the Chinese hackers targeting the video game industry in the United States and abroad.
On Sept. 14, 2020, Malaysian authorities arrested the suspects in Sitiawan. The warrants also led to the seizure of hundreds of accounts, domain names, servers, and command-and-control (C2) web pages. These C2 or dead-drop web pages were used by the defendants to conduct their computer offenses.
The U.S. Attorney’s Office for the District of Columbia, the National Security Division of the Department of…