Millions of Americans’ online accounts have been caught up in a “sinister” Chinese hacking plot that targeted US officials, the justice department and FBI said on Monday.
Seven Chinese nationals have been charged with enacting a widespread “malicious” cyber-attack campaign.
The operation allegedly went on for over a decade.
The justice department said hackers had targeted US and foreign critics of China, businesses, and politicians.
The seven men allegedly sent over 10,000 “malicious emails, impacting thousands of victims, across multiple continents”, in what the justice department called a “prolific global hacking operation” backed by China’s government.
“Today’s announcement exposes China’s continuous and brash efforts to undermine our nation’s cybersecurity and target Americans and our innovation,” FBI Director Christopher Wray said.
“As long as China continues to target the US and our partners, the FBI will continue to send a clear message that cyber espionage will not be tolerated, and we will tirelessly pursue those who threaten our nation’s security and prosperity,” he added.
The charges come after the UK’s government also accused China of being responsible for “malicious cyber campaigns” targeting the country’s Electoral Commission and politicians.
The Chinese embassy in London said it “strongly opposes” the accusations, calling them “completely fabricated and malicious slanders”. As for the allegations made in the US, the Chinese embassy in Washington DC is yet to respond.
In an indictment unsealed against seven of the alleged Chinese hackers involved, US prosecutors said the hacking resulted in the confirmed or potential compromise of work accounts, personal emails, online storage and telephone call records.
The emails they are accused to have sent targets often appeared to be from prominent news outlets or journalists, containing hidden tracking links. If a person opened the email sent to them, their information – including their location and IP addresses – would be sent to a server allegedly controlled by the seven defendants.
This information was then used to enable more “direct and sophisticated targeted hacking, such as compromising the recipients’ home routers and other electronic devices”, US prosecutors said.
As well as targeting US government officials working at the White House and US state departments, and in some cases their spouses, they were also said to have targeted foreign dissidents globally.
In one example cited by the justice department, the men “successfully compromised Hong Kong pro-democracy activists and their associates located in Hong Kong, the United States, and other foreign locations with identical malware”.
US companies were hacked too, with the men allegedly targeting defence, information technology, telecommunications, manufacturing and trade, finance, consulting, legal, and research industries.
Companies targeted included defence contractors who provide services to the US military and “a leading provider of 5G network equipment”.
