Chinese Hackers Charged for Cyber Attacks on Over 100 Companies

The Department of Justice has charged five Chinese nationals with a variety of crimes for allegedly hacking into over 100 organizations worldwide, including targeted attacks on U.S. companies. The defendants were allegedly involved in attacks researchers have tracked by the threat labels “APT41,” “Barium,” “Winniti,” “Wicked Panda” and “Wicked Spider.” Security researchers at the FBI have attributed to the hackers cyber attacks on “software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.” Two Malaysian businessmen were also charged and arrested for allegedly conspiring to profit from two of the Chinese defendants’ alleged illicit intrusions.

The federal court documents released today include an August 2019 indictment against two Chinese nationals, Zhang Haoran and Tan Dailan, as well as an August 2020 indictment against three other Chinese nationals—Jiang Lizhi, Qian Chuan and Fu Qiang—for allegedly committing “hacking offenses targeting high-technology and similar organizations in the United States and elsewhere.” The Justice Department also released a separate August 2020 indictment charging the two Malaysia nationals—Wong Ong Hua and Ling Yang Ching—with 23 counts of racketeering, conspiracy, identity theft, aggravated identity theft, access device fraud, money laundering, violations of the CFAA and falsely registering domain names.

The 2019 indictment, in addition to the separate 2020 indictments against three Chinese nationals and two Malaysian nationals, can be found below: