According to the release the cybercriminals are said to be fugitives in China with one of them claiming connections to the Chinese Ministry of State Security. Moreover, the hackers were said to be employees of a Chinese cybersecurity firm Chengdu 404 Network Technology which according to an earlier indictment was a self-described network security company that was allegedly run by the cybercriminals posing as ethical “white hat” hackers.
However, three of the self-claimed white hat hackers who went by the names Jiang Lizhi, Qian Chuan and Fu Qiang employed supply chain hacking techniques that allowed the criminals to compromise victim computer networks that included government networks in India and Vietnam. The cybercriminals also stole sensitive data by hacking computers from 100 private corporations in the U.S and abroad.
According to the indictment, the underlying goal of the cybercrime conspiracy was to obtain commercial success for CHENGDU 404. Deputy Attorney General Jeffrey A. Rosen said in a statement:
The Chinese communist party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China.
Per the release, the investigation involved Big tech’s analyst teams from Microsoft’s Threat Intelligence Center (MSTIC) and Digital Crimes Unit (DCU), Google’sThreat Analysis Group (TAG), and Facebook among others.