BREAKING: U.S. charges two Chinese hackers with breaching hundreds of companies, NGOs, & dissidents + trying to hack 3 U.S. firms researching coronavirus. The men sometimes worked in partnership with a Chinese MSS officer.

Indictment: justice.gov/opa/press-rele…
Since September 2009, the defendants have allegedly hacked into medical device makers, industrial engineering firms, gaming and education software firms, pharma companies, and defense contractors.

Victims in U.S., Australia, Germany, Japan, U.K., and 6 other countries.
The hackers tried to breach the networks of Maryland, Massachusetts and California firms researching coronavirus vaccines and treatments.

They also targeted a CA firm making testing kits.
The alleged activity is a mix of personal, profit-oriented hacking (including a ransom demand) and theft of data "of obvious interest" to Beijing, including email passwords for human-rights activists in Hong Kong and elsewhere.
These hackers are not employees of the Chinese government, but an officer of China's Ministry of State Security helped the hackers.

On one occasion, the MSS officer allegedly gave one of the defendants a zero-day exploit for a web browser to help him hack a human-rights group.
John Demers, head of DOJ's National Security Division, at press conference: "All of these activities ... run afoul of norms of acceptable state behavior in cyberspace, which the international community must address."
The U.S. cooperated with foreign law enforcement agencies on this investigation, Demers says — "yet another example of how like-minded countries can stand together to counter malicious state-sponsored cyber activities."
FBI Deputy Director David Bowdich: "China is determined to use every means at its disposal, including the theft of intellectual property from U.S. companies, laboratories and our universities, to degrade the United States’ economic, technological and military advantages."
The scale and scope of Chinese government-directed hacking “is unlike any other threat we’re facing today,” says Bowdich.
Bowdich: “We’re bringing these charges today to put the Chinese leaders directing these cyberattacks on notice. There are serious consequences and risks for stealing our technological and our intellectual property.”
Yowza. Bowdich says that Beijing uses economic leverage to pressure countries that it victimizes to stay quiet.

“This type of economic coercion is not what we expect from a trusted world leader. It is what we expect from an organized criminal syndicate.”
Here's our story about today's charges against two Chinese hackers, by me and @woodruffbets: politico.com/news/2020/07/2…
Bill Hyslop, U.S. attorney for the Eastern District of Washington, says the hackers' campaign was first discovered when they targeted DOE’s Hanford Site. A security firm noticed the activity and alerted the FBI.

Guess you could say the Hanford Site knows what a mess looks like.
Here are some of the hackers' many victims, as listed in the indictment.

Stolen data is eclectic mix: code for unpublished video game, gas turbine specs, student PII, a defense contractor's Air Force and FBI project files...
The hackers' methods are pretty standard: exploiting publicly disclosed vulnerabilities in popular software (sometimes before victims have a chance to patch), deploying web shells and password stealers, exfiltrating files in disguised archive files, hiding files in recycle bin.
During Q&A, Demers is asked how this hacking threatens coronavirus research.

Demers says that not only does the breach need to be remediated, but the research data needs to be verified to ensure the hackers didn't tamper with it. All of this slows down the work, he says.
Press conference is over. Stay tuned as we update our story. politico.com/news/2020/07/2…

Keep Current with Eric Geller