'Stone Panda' hackers indicted in campaign that targeted U.S. government networks

shutterstock ID:  640599397 By kb-photodesign 

The Department of Justice announced criminal charges against two Chinese nationals accused of a years-long campaign to hack U.S. government agencies and private companies around the world in order to steal trade secrets and intellectual property.

The two individuals, identified in court papers as as Zhu Hua and Zhang Shilong, are believed to have operated as members of an advanced persistent threat group tied to the Chinese government, Stone Panda, since at least 2006.

In an indictment unsealed Thursday, the pair are accused of spearphishing campaigns aimed at Navy, Department of Energy and NASA networks, as well as at managed service providers in at least 12 countries. They also targeted companies that work in advanced or emerging technology areas, such as aviation, space and satellite technologies and advanced electronic systems.

"America and its many allies know what China is doing, we know why they're doing it, and in some cases, we even know exactly who is sitting at the keyboard perpetrating these crimes in association with the Chinese government," said Deputy Attorney General Rod Rosenstein in a Dec. 20 press conference announcing the charges.

In September, FCW reported on research by U.S. threat intelligence firm Crowdstrike and a mysterious group called Intrusion Truth that linked Shilong and other members of Stone Panda to a specific Ministry of Security Services compound in Tianjin, China. At the time, Adam Meyers, vice president of intelligence for Crowdstrike, predicted that official action from the Department of Justice would not be far behind.

A series of aggressive moves by the Trump administration and Congress toward Chinese hackers and tech companies over the past year have brought a long-simmering debate about China's ongoing intellectual property theft and economic espionage to the forefront.

"China's goal, simply put, is to replace the U.S. as the world's leading superpower, and they're ... using an expanding set of non-traditional and illegal methods to get there," FBI Director Christopher Wray said.

Earlier this year, a senior Chinese official from the Ministry of Security Services was arrested in Belgium and extradited to the U.S. in October to face charges that he systematically stole trade secrets from U.S. aviation companies. Meanwhile, Chinese companies like telecommunications companies Huawei, ZTE and computer chip maker Fujian Jinhua have all faced economic sanctions or other punitive action from U.S. regulators and Congress that seek to block their access to the U.S. market.

China's Ministry of Foreign Affairs could not be reached for comment on the charges, but Chinese officials have generally waved off accusations about their hacking activities in the past.

"China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law,"said Geng Shuang, a spokesperson for the Ministry of Foreign Affairs on Dec. 6. "But China is also a staunch supporter of cybersecurity and has been in close cooperation with all sides on combating cyber crimes. We maintain that the international community should engage in dialogue and cooperation to address cybersecurity threats and uphold shared interests on the basis of mutual respect, equality and mutual benefit."

About the Author

Derek B. Johnson is a former senior staff writer at FCW.


  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected