This week, the U.S. government continued its enforcement activity against Chinese government-sponsored trade secret theft, indicting two Chinese hackers for allegedly stealing data from 25 domestic and international companies, including targeting those now researching COVID-19 testing, vaccines, and treatment. The two defendants had allegedly acquired hundreds of millions of dollars worth of trade secrets and other valuable business information across a span of nearly eleven years. This announcement follows in the wake of the indictment of Dr. Charles Lieber, a former Harvard professor, who allegedly lied about his participation in China’s “Thousand Talents Plan,” a program that has been accused of facilitating the stealing of American trade secrets. Our coverage of that indictment is here.

On Tuesday, July 21, 2020, the U.S. Department of Justice (“DOJ”) announced charges against Li Xiaoyu and Dong Jiazhi in the Eastern District of Washington, alleging that they hacked the computer networks of 13 United States and 12 international companies in industries ranging from high tech manufacturing and medical device engineering to solar energy and pharmaceuticals, all between September 2009 and July 2020. The allegedly stolen trade secrets included proprietary pharmaceutical chemical structures, technology design, source code, manufacturing processes, and testing methods and results. According to the DOJ press release, these trade secrets could give competitors “a market edge by providing insight into proprietary business plans and savings on research and development costs in creating competing products.”

The indictment also accuses the Chinese government of supporting and facilitating the hacking through its Ministry of State Security (“MSS”). “[A] huge array of sensitive and valuable trade secrets, technologies, data, and personal information” has been stolen by “hackers operated from China,” according to a statement from United States Attorney William Hyslop. The statement further details that this was done “both for their own gain and with the assistance and for the benefit of the Chinese government’s [MSS].”

The defendants allegedly conducted their attacks by accessing victim networks through publicly reported software vulnerabilities, sometimes focusing on those that were newly announced so that users would not yet have installed updates to correct them. They often placed “web shells” onto the networks, such as the China Chopper web shell, a shell regularly used by hackers working in China. At other times, the defendants would upload malicious software programs to the victim computer networks in order to steal passwords later used to obtain further illicit access. The defendants would then package the stolen data into compressed RAR files, changing the names of the files to make them harder to identify and often storing them in the “recycle bin” to make them more difficult to discover. The defendants sold some of the stolen data for profit, and other times they provided it to MSS. On at least one occasion, they attempted to extort the victim of the theft.

The defendants’ most recent activity consisted of “research[ing] vulnerabilities in the networks of biotech and other firms publicly known for work on COVID-19 vaccines, treatments, and testing technology.” However, the indictment does not indicate that the defendants actually gleaned information from the targeted firms.

This indictment is an important reminder for companies involved in complex and valuable research to continuously monitor their security and software programs. Unfortunately, hackers target vulnerabilities in software networks, so it is important to consistently monitor and eliminate such vulnerabilities. We will continue to report on any developments with this case, as well as the United States’ protection of its trade secrets against foreign government-sponsored theft.