The United States names two Chinese hackers related to the Chinese officials who were guilty of a worldwide hacking campaign
Last week, the US Department of Justice revealed the names of two men found to be responsible for launching hacking attempts against numerous organizations worldwide. Zhu Hua (also known as Afware, Alayos, CVNX or Godkiller) and Zhang Shilong (also known as Zhang Jianguo, Atreexp or Baobeilong) were found guilty of trying to steal business secrets from numerous companies. Furthermore, it is known that these nationals worked for Huaying Haitai Science and Technology Development Company and committed their crimes straight from the location of China's Ministry of State Security.
The hackers belong to the worldwide hacking group known as Advanced Persistent Threat 10 or APT10 (also known as Cloudhopper). The group is believed to be sponsored by the Chinese government and is known for seeking to gather sensitive information about various business techniques, conditions, negotiations, and similar details.
The U.S. Navy – one of the biggest victims, with over 100,000 sensitive details exposed
The list of organizations and companies that have become victims of this worldwide hacking attempt is not a short one. According to researchers, Chinese cybercrooks managed to gain access to around 100 computer systems and have affected 12 states in the United States of America, starting from California and ending with New York.
One of Zhu Hua's and Zhang Shilong's biggest victims is the U.S. Navy. The hack leaked around 100,000 personal details and sensitive information. This type of data includes birth dates, names, surnames, social security codes, even salary information, and other sensitive details.
The biggest risk lies in the fact that, according to the United States Department of Justice, some victims are managed service providers, companies that build their business on trust:
This case is significant because the defendants are accused of targeting and compromising Managed Service Providers, or MSPs. MSPs are firms that other companies trust to store, process, and protect commercial data, including intellectual property and other confidential business information.
These MSPs include NASA, the U.S. Navy, the Jet Propulsion Laboratory, the Department of Energy's Lawrence Berkeley National Laboratory, and so on.
Affected companies are located all over the world
While the biggest targets come from the US, there are other major organizations, such as financial, telecommunication, electronics, healthcare, and manufacturing companies, from other countries. Victims are found all over the world, including:
- The United Arab Emirates;
- The United States;
Unfortunately, the hackers, who have been performing illegitimate activities since 2006, haven't been arrested yet. However, the FBI is looking forward to catching them and finding them guilty of identity theft and other crimes. The United States Department of Justice has already accused the Chinese government of breaking the rules and revealing sensitive details which are related to various businesses and are supposed to be kept secret.
Another interesting fact is that this announcement was released two months after another hacking attempt which is also related to APT10. Back then, ten Chinese criminals were found to be guilty of stealing confidential information related to aircraft technologies which belong to American and French organizations.