U.S. prosecutors charged three Chinese nationals with allegedly mounting a global hacking campaign to steal sensitive corporate data from over 100 companies and installing a mass network of crypto-mining malware.
According to an indictment dated May 2019 and unsealed Wednesday, Jiang Lizhi, Qian Chuan and Fu Qiang ran their multi-year front out of the purportedly “white hat” Chinese cybersecurity firm Chengdu 404 Network Technology Co. They’re being charged with money laundering, conspiracy, identity theft and a raft of computer-related allegations, based on allegations they operated a vast crypto-jacking scheme and installed malware on victim computers, among other charges.
Chengdu 404’s “offensive” operations are what raised prosecutors’ ire. Their indictment outlines how Chengdu 404’s chief officers targeted at least 100 “victim companies, organizations and individuals” with a multi-year cyber scheme that employed “big data” analytics to maximize its impact.
Beginning in May 2014, the trio “conspired to commit a sprawling array of computer intrusions targeting protected computers belonging to hospitality, video game, technology and telecommunications companies, research universities, non-governmental organizations, and other organizations around the world,” according to the indictment.
They allegedly stole source code and customer data from the companies, deployed “supply chain hacks” to knock out customers’ own computers like dominoes, infected networks with ransomware and installed cryptocurrency mining malware to bolster Chengdu 404’s bottom line.
“The underlying common goal of the conspiracy was to obtain commercial success for CHENGDU 404 – and personal financial gain for members of the conspiracy – through computer intrusions targeting protected computers,” the indictment read.
The alleged perpetrators brought a hands-on approach to their crypto-jacking operations. As alleged in court filings, Jiang, the vice president for the Technical Department of Chengdu 404, told an unnamed fourth hacker to “get more domains to increase the computing power” of a Singaporean target. “Let's see how the profit is if we get a total of around 10,000 machines.”
Jiang allegedly advised the same hacker to sniff out French and Italian companies as potential targets, saying, “The only thing is that the time difference is a bit troublesome. Going on [ECS #1] at night happens to be their work hours."
The indictment did not state which cryptocurrencies the defendants tried to mine.