The US government and more than a dozen international allies have called out China for persistent efforts to steal other countries’ trade secrets and advanced technologies and to compromise sensitive government and corporate computers.
The action comes as the US Justice Department unveils criminal charges against hackers affiliated with China’s main intelligence service who allegedly took part in a long-running cyber-spying campaign targeting US and other countries’ networks.
Zhu Hua and Zhang Shilong were charged with conspiracy to commit computer intrusions, conspiracy to commit wire fraud and aggravated identity theft.
The indictment, filed in federal court in the Southern District of New York, alleges that a group of hackers known as APT10 carried out hacking campaigns since at least 2006.
The defendants worked for Huaying Haitai Science and Technology Development Company in Tianjin, China. They acted on behalf of the Chinese Ministry of State Security’s Tianjin bureau, according to US deputy attorney general Rod Rosenstein.
"America and its many allies know what China is doing," Rosenstein said. "We know why they're doing it. And in some cases, we even know exactly who is sitting at the keyboard perpetrating these crimes in association with the Chinese government."
He added that over 90 percent of the Justice Department's economic espionage cases in the past seven years have involved China.
Rosenstein said the charges mark an important step in revealing to the world China’s continued practice of stealing commercial data.
"It is unacceptable that we continue to uncover cyber-crime committed by China against other nations," he said.
Foreign Secretary Jeremy Hunt said in a statement that these activities "must stop".
"They go against the commitments made to the UK in 2015, and, as part of the G20, not to conduct or support cyber-enabled theft of intellectual property or trade secrets. Our message to governments prepared to enable these activities is clear: together with our allies, we will expose your actions and take other necessary steps to ensure the rule of law is upheld," said Hunt.
Dmitri Alperovitch, CTO and co-founder at CrowdStrike, told SC Media UK that it is unprecedented and encouraging to see the US government, joined by so many international allies, taking a decisive stance against Chinese state-sponsored economic espionage.
He added that today’s announcement of indictments against Ministry of State Security (MSS), which he said was now the most active Chinese cyber threat actor, is another step in a campaign that has been waged to indicate to China that its blatant theft of IP is unacceptable and will not be tolerated.
"While this action alone will not likely solve the issue, and companies in US, Canada, Europe, Australia and Japan will continue to be targeted by MSS for industrial espionage, it is an important element in raising the cost and isolating them internationally," said Alperovitch.
Malcolm Taylor, director of cyber advisory at ITC Secure, told SC that it is a fascinating diplomatic move to go public now.
"It comes after the Huawei affair, the apparently reactive arrests in China of Canadian business people and the trade war, and it looks like an extension of those by other means. The US and the UK have gone public with Russia recently, over the botched GRU activity in the Netherlands," he said.
"It is slightly surprising to see a similar approach being used for China, and may show the west’s concern at the growing power of China. The Chinese have been very clever; through global investment regimes and soft power and the rapid growth of, and technical ability of, Huawei, they now have a critical presence inside the internet backbone. Has that worried the west, such that now they are responding?"