Skip to main content
The Globe and Mail
Support Quality Journalism
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
Just$1.99
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to globeandmail.com
Just $1.99 per week for the first 24 weeks
Just $1.99 per week for the first 24 weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(select.open)}function setPanelState(o){dom.root.classList[o?"add":"remove"](select.open),dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); }

The Justice Department has charged five Chinese citizens with hacks targeting more than 100 companies and institutions in the United States and abroad, including social media and video game companies as well as universities and telecommunications providers, officials said Wednesday.

The five defendants remain fugitives, but prosecutors say two Malaysian businessmen charged with conspiring with the alleged hackers to profit off the attacks on the billion-dollar video game industry were arrested in Malaysia this week and now face extradition proceedings.

The indictments are part of a broader effort by the Trump administration to call out cybercrimes by China. In July, prosecutors accused hackers of working with the Chinese government to target companies developing vaccines for the coronavirus and of stealing hundreds of millions of dollars worth of intellectual property and trade secrets from companies across the world.

Story continues below advertisement

Though those allegations were tailored to the pandemic, the charges announced Wednesday – and the range of victims identified – were significantly broader and involved attacks done both for monetary gain but also more conventional espionage purposes.

In unsealing three related indictments, officials laid out a wide-ranging hacking scheme targeting a variety of business sectors and academia and carried out by a China-based group known as APT41. That group has been tracked over the last year by the cybersecurity firm Mandiant Threat Intelligence, which described the hackers as prolific and successful at blending criminal and espionage operations.

The hackers relied on a series of tactics, including attacks in which they managed to compromise the networks of software providers, modify the code and conduct further attacks on the companies' customers.

The Justice Department did not directly link the hackers to the Chinese government. But officials said the hackers were probably serving as proxies for Beijing because some of the targets, including pro-democracy activists and students at a Taiwan university, were in line with government interests and didn’t appear to be about scoring a profit.

“A hacker for profit is not going to hack a pro-democracy group,” said acting U.S. Attorney Michael Sherwin of the District of Columbia, where the cases were filed. Those targets, including some that bear the “hallmark” of conventional espionage, point to the conclusion that the hackers had at least an indirect connection with the government, Sherwin said.

In addition, one of the five defendants told a colleague that he was very close to the Chinese Ministry of State Security and would be protected “unless something very big happens,” and also agreed not to go after domestic targets in China, said Deputy Attorney General Jeffrey Rosen.

But some of the conduct was clearly profit driven, officials said. Two of the Chinese defendants, for instance, were charged with breaking into video game companies and obtaining digital currency that was then sold for profit on the black market, officials said.

Story continues below advertisement

Rosen, the Justice Department’s No. 2 official, criticized the Chinese government for what he said was a failure to disrupt hacking crimes and to hold hackers accountable.

“Ideally, I would be thanking Chinese law enforcement authorities for their co-operation in the matter and the five Chinese hackers would now be in custody awaiting trial,” Rosen said. “Unfortunately, the record of recent years tells us that the Chinese Communist Party has a demonstrated history of choosing a different path, that of making China safe for their own cyber criminals, so long as they help with its goals of stealing intellectual property and stifling freedom.”

There was no immediate response Wednesday to an e-mail seeking comment from the Chinese Embassy in Washington.

The Justice Department also announced that it had seized hundreds of accounts, servers and domain names used by the defendants and that it had worked with Microsoft and other private sector companies to deny the hackers continued access to tools, accounts and hacking infrastructure.

Also Wednesday, the department announced charges against two Iranian nationals accused of stealing hundreds of terabytes of data in a hacking campaign targeting institutions – and perceived enemies of Iran – in the U.S., Europe and the Middle East.

Our Morning Update and Evening Update newsletters are written by Globe editors, giving you a concise summary of the day’s most important headlines. Sign up today.

Report an error
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies