Millions of Americans' online accounts have been caught up in a “sinister” Chinese hacking plot that targeted US officials, the justice department and FBI said on Monday.
Seven Chinese nationals have been charged with enacting a widespread cyber-attack campaign. They are accused of ties to a hacking operation that ran for 14 years. The US state department announced a reward of up to $10m (£8m) for information on the seven men. The justice department said hackers had targeted US and foreign critics of China, businesses, and politicians.
The seven men allegedly sent over 10,000 “malicious emails, impacting thousands of victims, across multiple continents”, in what the justice department called a “prolific global hacking operation” backed by China's government.
“Today's announcement exposes China's continuous and brash efforts to undermine our nation's cybersecurity and target Americans and our innovation,” FBI Director Christopher Wray said.
“As long as China continues to target the US and our partners, the FBI will continue to send a clear message that cyber espionage will not be tolerated, and we will tirelessly pursue those who threaten our nation's security and prosperity,” he added.
The charges come after the UK's government also accused China of being responsible for “malicious cyber campaigns” targeting the country's Electoral Commission and politicians. Diplomats at the Chinese embassy in London said it “strongly opposes” the accusations, calling them “completely fabricated and malicious slanders”.
New Zealand's government also said its parliament had been targeted by China-backed hackers, the New Zealand Herald reported. A spokesperson for the Chinese embassy in Washington DC said “without valid evidence, relevant countries jumped to an unwarranted conclusion” and “made groundless accusations”.
In an indictment setting out charges against the seven Chinese men, US prosecutors said the hacking resulted in the confirmed or potential compromise of work accounts, personal emails, online storage and telephone call records.
The emails they are accused of sending targets often appeared to be from prominent news outlets or journalists, containing hidden tracking links. If a person opened the email sent to them, their information – including their location and IP addresses – would be sent to a server allegedly controlled by the seven defendants.
This information was then used to enable more “direct and sophisticated targeted hacking, such as compromising the recipients' home routers and other electronic devices”, US prosecutors said. As well as targeting US government officials working at the White House and US state departments, and in some cases their spouses, they were also said to have targeted foreign dissidents globally.
In one example cited by the justice department, the men “successfully compromised Hong Kong pro-democracy activists and their associates located in Hong Kong, the United States, and other foreign locations with identical malware”.
US companies were hacked too, with the men allegedly targeting defence, information technology, telecommunications, manufacturing and trade, finance, consulting, legal, and research industries. Companies targeted included defence contractors who provide services to the US military and “a leading provider of 5G network equipment”, the justice department said.
— CutC by bbc.com