Two Chinese nationals have been indicted for seeking to steal COVID-19 vaccine research and hacking hundreds of companies in the United States and abroad, including defence contractors, the US Justice Department said Tuesday.
Li Xiaoyu, 34, and Dong Jiazhi, 33, also targeted human rights activists in the United States, China, and Hong Kong, Assistant Attorney General John Demers said.
Li and Dong, who are believed to be in China, acted in some instances "for their own personal gain" and in others for the benefit of China's Ministry of State Security, Demers said at a news conference.
"China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals," Demers said.
The Justice Department said Li and Dong, who were classmates at an electrical engineering college in Chengdu, have been engaged in a computer hacking campaign for the past 10 years.
They have targeted companies in the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and Britain, it said.
"Targeted industries included, among others, high tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; defence," it said.
"More recently, the defendants probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments," it said.
Justice Department officials said that Li and Dong targeted biotech companies in California, Maryland, Massachusetts and elsewhere but did not appear to have actually compromised any COVID-19 research.
The Justice Department said they also targeted "non-governmental organisations, and individual dissidents, clergy, and democratic and human rights activists in the United States and abroad, including Hong Kong and China."
According to the indictment, Li and Dong supplied the Ministry of State Security with passwords for personal email accounts belonging to Chinese dissidents, a Hong Kong community organiser, the pastor of a Christian church in Xian and a former Tiananmen Square protestor.
Among the material allegedly stolen were emails between a dissident and the Dalai Lama's office.
The pair were accused of stealing source code from software companies, information about drugs under development from pharmaceutical firms and weapons designs and testing data from defence contractors.
Targeted foreign companies were not identified by name.
But according to the indictment they included a Dutch electronics firm, a Swedish gaming company, a Lithuanian gaming company, a German software engineering firm, a Belgian engineering software company, an Australian defence contractor, a South Korean shipbuilding firm, a Spanish electronics and defence firm, and a British artificial intelligence and cancer research company.
Li and Dong allegedly stole information from defence contractors regarding military satellite programs, military wireless networks and communications systems, and microwave and laser systems.
The indictment was returned by a grand jury in the Eastern District of Washington state on July 7 but was only unsealed on Tuesday.
Li and Dong were charged with conspiracy to commit computer fraud, conspiracy to commit theft of trade secrets, wire fraud, unauthorized access of a computer and identity theft.
China accused the United States last month of smearing Beijing following allegations that Chinese hackers were attempting to steal coronavirus research.
The claims exacerbated tensions between the two countries, which have traded barbs over the origin of the pandemic that has killed more than 600,000 people since it emerged in China late last year.
"China expresses strong dissatisfaction and firm opposition to such smearing," foreign ministry spokesman Zhao Lijian said.
"Judging from past records, the US has carried out the largest cybertheft operations worldwide," Zhao said.
Why are smartphone prices rising in India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.