U.S. accuses Chinese government of cyber espionage against COVID-19 vaccine, drug developers
The U.S. Department of Justice Tuesday announced the indictments of two individuals in China for a number of cyber crimes, including stealing and attempting to steal confidential information from U.S. companies that are developing COVID-19 vaccines and therapies.
The indictment, which was dated July 7, was issued by a grand jury in the U.S. District Court for the Eastern District of Washington. Among other crimes, it alleges that Li Xiaoyu and Dong Jiazhi “researched vulnerabilities in the networks of biotech and other firms publicly known for work on COVID-19 vaccines, treatments, and testing technology.”
The allegations in the indictment make it clear that the U.S. government had Li and Dong’s cyber activities under surveillance for an extensive period, and asserts that they had extensive interactions with a Chinese intelligence agency.
The indictment states that Li and Dong “did not just hack for themselves. While in some instances they were stealing business and other information for their own profit, in others they were stealing information of obvious interest to the PRC Government’s Ministry of State Security (MSS).” The indictment alleges that they “worked with, were assisted by, and operated with the acquiescence of the MSS,” including a specific MSS officer in Guangdong.
Victims, according to the Department of Justice, included an unidentified “Massachusetts pharmaceutical company” from which the hackers are alleged to have stolen two gigabytes of data that included the “chemical structure of anti-infective agents, the chemical engineering processes needed to create those agents, and test results from [the company’s] research, all of which would enable a competitor to focus research on areas of higher potential investment return without making the same research and development expenditures as the victim.”
The indictment makes similar allegations regarding a California pharmaceutical company. It also accuses the pair of targeting “a U.S. government biomedical research agency in Maryland.”
The indictment alleges that in January 2020 the two individuals “conducted reconnaissance on the computer network of a Massachusetts biotech firm publicly known to be researching a potential COVID-19 vaccine,” and in February “searched for vulnerabilities in the network of a California biotech firm that had announced one day earlier that it was researching antiviral drugs to treat COVID-19.”
The FBI solicited public assistance in locating Li and Dong.