The Department of Justice (DoJ) today announced hacking and identity theft charges against two members of the Chinese state-sponsored hacking group APT-10, alleging that the APT-10 members hacked into American organizations and stole personally identifiable information on more than 100,000 Navy personnel.
The indictment claims that APT-10 “successfully obtained unauthorized access to at least approximately 90 computers belonging to, among others, commercial and defense technology companies and U.S. Government agencies located in at least 12 states.” The indictment specifically names NASA’s Goddard Space Center and Jet Propulsion Laboratory, and the Department of Energy’s Lawrence Berkeley National Laboratory, as targets.
One of the big revelations from the indictment is that the group compromised more than 40 computers to steal PII from over 100,000 Navy personnel, including Social Security numbers, dates of birth, salary information, and phone numbers.
APT-10 did so through two disclosed methods: spearphishing to install malware at companies, and spearphishing campaigns against managed service providers to move laterally against targets, DoJ alleged.
“You’ve all heard about situations where you see somebody essentially do the cyber equivalent of breaking into a house. This is more like breaking into and getting the keys from the maintenance supervisor, who has keys to hundreds and hundreds of apartments and all the residents in those apartments, and that’s why this is so significant,” said FBI Director Christopher Wray.
“We’re going to keep calling out this state-sponsored behavior for what it is – illegal, unethical, and unfair,” said Wray. “It’s going to take all of us working together to protect our economic security and our way of life.”
“America and many allies know what China is doing. We know why they are doing it. And in some cases, we even know which individual people are doing it in association with the Chinese government,” said Deputy Attorney General Rod Rosenstein. He noted that 90 percent of economic espionage cases in the last seven years involved China.
The announcement spurred reactions from a variety of government officials.
The Department of Homeland Security set up a website of resources to help network defenders who may be as-yet-undiscovered victims of APT-10’s hacking.
“We are in a hot war with China, and cyber space is the battle space. I’ve said time and time again that we must play nice with nice guys, and tough with tough guys. This is no different. There must be consequences for digital attacks that compromise our national security,” said Rep. Will Hurd, R-Texas, chairman of the House Oversight and Government Reform IT subcommittee.
“We will continue to hold malicious actors accountable for their behavior, and today the United States is taking several actions to demonstrate our resolve,” said Homeland Security Secretary Kirstjen Nielsen and Secretary of State Mike Pompeo in a joint statement.
“In our capacity to protect and coordinate with the energy sector, the Department of Energy is dedicated to working with our government and industry partners to strengthen the preparedness and resilience of both the electricity and oil and natural gas sectors,” said Karen S. Evans, Assistant Secretary for Cybersecurity, Energy Security and Emergency Response (CESER).