‘Biotech’ Hit by Ransomware as Microsoft Voices Plea for Hackers to Stop Targeting Health Care
Last updated September 28, 2021
During a virtual press conference held yesterday, FBI Deputy Director David Bowdich announced charges against two Chinese hackers, Li Xiaoyu (李啸宇), 34, and Dong Jiazhi (董家志), 33. The pair faces an 11-count indictment for computer network intrusion and for accessing and stealing intellectual property and confidential business information.
This includes COVID-19 research like potential treatments, testing technology, and vaccine candidate compounds, all of which are specifically mentioned in the associated indictment.
As Bowdich told the press, the purpose of these charges is to expose the practices of the Chinese leaders directing these attacks and to degrade their image on the world stage. The American agency is outright accusing China of trade secret theft and calling on its partners to reconsider their alliances with a country that shows so little regard for international law.
The indictment even mentions a “shameful club” of Russia, Iran, and North Korea, with China finding its place in it. Such harsh words are to be expected during the “trade war,” and the FBI knows that the chances of bringing the two hackers to justice are slim to none, so its goal with this move is to generate as much negative publicity as possible.
The two hackers, who were apparently trained in the same Chinese university, managed to steal terabytes of data during the last decade, not only from US entities, but also from Japan, Germany, South Korea, the UK, and the Netherlands.
This sounds a lot like the Winnti group’s activity, but no attribution at that level has been provided. The defendants exploited publicly known vulnerabilities in web servers and web application development suites and were particularly quick to move before their targets had a chance to apply the relevant patches.
The Chinese hackers then planted malicious web shells such as “China Chopper,” credential stealers, and custom RAT tools. In several cases, these tools were placed in the Recycle Bin to help avoid detection. Data was exfiltrated by packing files into RAR archives named in a way that concealed their real content.
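Both concealment habits described above, executables staged in the Recycle Bin and RAR archives renamed to look like something else, can be spotted by classifying files on their leading bytes rather than their names. The following is an added detection example written for this article, not code from the FBI or any project it names; the directory tree, the file contents and the Recycle Bin SID folder are constructed for the demonstration.

```python
import os
import tempfile

# Leading bytes that identify the content regardless of the file name.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR4, RAR5
PE_MAGIC = b"MZ"  # Windows executables (EXE/DLL)


def sniff(head):
    """Classify a file by its first bytes: 'rar', 'pe' or 'other'."""
    if head.startswith(RAR_MAGICS):
        return "rar"
    if head.startswith(PE_MAGIC):
        return "pe"
    return "other"


def in_recycle_bin(path):
    """True when any path component is a Windows Recycle Bin folder."""
    parts = {p.lower() for p in path.replace("\\", "/").split("/")}
    return "$recycle.bin" in parts or "recycler" in parts


def classify(path, head):
    """Return a finding for one of the two concealment patterns, else None."""
    kind = sniff(head)
    ext = os.path.splitext(path)[1].lower()
    if kind == "rar" and ext != ".rar":
        return "RAR archive disguised as '%s'" % (ext or "no extension")
    if kind == "pe" and in_recycle_bin(path):
        return "executable staged in Recycle Bin"
    return None


def scan(root):
    """Walk a tree and collect sorted (relative path, finding) pairs."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                head = fh.read(16)
            finding = classify(full, head)
            if finding:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, finding))
    return sorted(findings)


def demo():
    """Build a constructed tree (one benign JPEG, two decoys) and scan it."""
    root = tempfile.mkdtemp()
    samples = {  # constructed sample files; the SID folder is a placeholder
        "www/uploads/photo.jpg": RAR_MAGICS[1] + b"\x00" * 32,
        "$Recycle.Bin/S-1-5-21-1/svchost.exe": PE_MAGIC + b"\x90" * 64,
        "www/uploads/real.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return scan(root)
```

A real sweep would run `scan` against web roots and every `$Recycle.Bin` on the host and feed the findings to the SIEM; the magic-byte check is what defeats the renamed-archive trick.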
The FBI tracked these activities closely, and in several cases it managed to stop the hackers from re-victimizing companies, government entities, and key organizations. If Xiaoyu and Jiazhi were ever to set foot on American soil, they would face prison sentences measured in several decades.