On Thursday, the US Justice Department unsealed an indictment against two Chinese nationals, accusing them of conspiring to hack into US government computers to steal information about valuable technology. The Justice Department says that Zhu Hua and Zhang Jianguo were part of a hacking group known as “Stone Panda,” or “Red Apollo,” which mounted hacking attacks on the US Navy and on NASA, and also stole information from private companies. Prosecutors say the hacking group was involved in attacks on computers in at least 12 countries around the world.
Here’s what you need to know about Zhu Hua and Zhang Jianguo:
1. Prosecutors Say Zhu & Zhang Were Part of a Team That Successfully Stole Data About Aviation, Space Technology, & Electronics from US Government Computers
The Department of Justice is charging that Zhu and Zhang were key members of a campaign by the Chinese government, known as the Technology Theft Campaign, which first got underway in 2006. Prosecutors say that Zhu, Zhang, and their co-conspirators managed to hack into computers belonging to US government agencies and to private companies. Government prosecutors charge that the group stole “hundreds of gigabytes of sensitive data and information” from those computer systems.
Prosecutors say the group stole information from private companies involved in aviation, space, and/or satellite technology, as well as from companies involved in electronic systems. The indictment charges that the group also pilfered data from companies involved in maritime technology and in oil and gas drilling. Prosecutors say that the hackers even managed to break into computers owned by the NASA Goddard Space Center and Jet Propulsion Laboratory. The group also managed to steal “sensitive data” belonging to the Navy, prosecutors say. That data included the names, Social Security numbers, dates of birth, salary, phone numbers, and email addresses of more than 100,000 Navy personnel.
2. Prosecutors Say the Hackers Were Stealing Information & Passing It to the Chinese Government
Court documents charge that Zhu and Zhang were members of a hacking group operating inside of China. The group had a lot of code names: it was called “Stone Panda,” “Red Apollo,” “MenuPass,” and “POTASSIUM,” among other things. Within the cybersecurity community, the group was known as the APT10 Group.
The Department of Justice charges that the APT10 group acted “in association” with the Chinese government, stealing data from American government agencies and businesses and passing it along to China. “The indictment alleges that the defendants were part of a group that hacked computers in at least a dozen countries and gave China’s intelligence service access to sensitive business information,” said Deputy Attorney General Rosenstein. “This is outright cheating and theft, and it gives China an unfair advantage at the expense of law-abiding businesses and countries that follow the international rules in return for the privilege of participating in the global economic system.”
3. Zhu & Zhang Are Not in US Custody & the US Doesn’t Have an Extradition Treaty With China
Prosecutors say that if convicted, Zhu and Zhang could face up to 27 years in prison for the charges of computer intrusion, wire fraud, and identity theft. But it’s not clear how American authorities would actually punish the men, even if they are convicted. Both Zhu and Zhang appear to still be in China, and the trial will likely go on without them physically being there. China does not have an extradition treaty with the US, and there is no real reason to believe that Chinese authorities would turn Zhu and Zhang over to the American government.
In fact, the US government has been stressing that the alleged hackers were working alongside the Chinese government. Christopher Wray, the director of the FBI, said at a press conference that China is trying to steal information in order to beat out American competition: “China’s goal, simply put, is to replace the US as the world’s leading superpower and they’re using illegal methods to get there,” Wray told reporters.
4. Prosecutors Charge that Zhu & Zhang Were Part of a Group That Carried Out ‘Computer Intrusions’ for Over a Decade, Targeting Computers Around the World
US authorities say that the APT10 group, also known as “Stone Panda,” started operating in 2006 and was still active into 2018. Authorities say that the group hacked into computers in “at least a dozen countries” around the world, stealing “sensitive business information” and passing it along to the Chinese government.
5. The FBI, NCIS, and the Department of Defense All Took Part in the Investigation of Zhu & Zhang
The investigation into Zhu, Zhang, and the APT10 group was the product of cooperation between three agencies: the FBI, NCIS (the Navy’s investigations unit), and DCIS (the Department of Defense’s investigations unit). A number of FBI field offices were involved in the investigation, including the New Orleans, New Haven, Houston, New York, Sacramento, and San Antonio Field Offices.
The indictment was unsealed on December 20 in Manhattan federal court.