'Stone Panda' hackers indicted in campaign that targeted U.S. government networks
- By Derek B. Johnson
- Dec 20, 2018
The Department of Justice announced criminal charges against two Chinese nationals accused of a years-long campaign to hack U.S. government agencies and private companies around the world in order to steal trade secrets and intellectual property.
The two individuals, identified in court papers as as Zhu Hua and Zhang Shilong, are believed to have operated as members of an advanced persistent threat group tied to the Chinese government, Stone Panda, since at least 2006.
In an indictment unsealed Thursday, the pair are accused of spearphishing campaigns aimed at Navy, Department of Energy and NASA networks, as well as at managed service providers in at least 12 countries. They also targeted companies that work in advanced or emerging technology areas, such as aviation, space and satellite technologies and advanced electronic systems.
"America and its many allies know what China is doing, we know why they're doing it, and in some cases, we even know exactly who is sitting at the keyboard perpetrating these crimes in association with the Chinese government," said Deputy Attorney General Rod Rosenstein in a Dec. 20 press conference announcing the charges.
In September, FCW reported on research by U.S. threat intelligence firm Crowdstrike and a mysterious group called Intrusion Truth that linked Shilong and other members of Stone Panda to a specific Ministry of Security Services compound in Tianjin, China. At the time, Adam Meyers, vice president of intelligence for Crowdstrike, predicted that official action from the Department of Justice would not be far behind.
A series of aggressive moves by the Trump administration and Congress toward Chinese hackers and tech companies over the past year have brought a long-simmering debate about China's ongoing intellectual property theft and economic espionage to the forefront.
"China's goal, simply put, is to replace the U.S. as the world's leading superpower, and they're ... using an expanding set of non-traditional and illegal methods to get there," FBI Director Christopher Wray said.
Earlier this year, a senior Chinese official from the Ministry of Security Services was arrested in Belgium and extradited to the U.S. in October to face charges that he systematically stole trade secrets from U.S. aviation companies. Meanwhile, Chinese companies like telecommunications companies Huawei, ZTE and computer chip maker Fujian Jinhua have all faced economic sanctions or other punitive action from U.S. regulators and Congress that seek to block their access to the U.S. market.
China's Ministry of Foreign Affairs could not be reached for comment on the charges, but Chinese officials have generally waved off accusations about their hacking activities in the past.
"China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law,"said Geng Shuang, a spokesperson for the Ministry of Foreign Affairs on Dec. 6. "But China is also a staunch supporter of cybersecurity and has been in close cooperation with all sides on combating cyber crimes. We maintain that the international community should engage in dialogue and cooperation to address cybersecurity threats and uphold shared interests on the basis of mutual respect, equality and mutual benefit."
Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.
Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.
Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at firstname.lastname@example.org, or follow him on Twitter @derekdoestech.
Click here for previous articles by Johnson.