2021-07-20

State-sponsored Chinese hackers targeted at least one South African company as part of a hacking campaign, says the US Justice Department.

Front company Hainan Xiandun used spear phishing on a "maritime research and development" company in SA, say American prosecutors in an indictment unsealed on Friday.

The company was controlled by the Hainan province, as it sought commercial advantage for its state-owned enterprises in foreign deals through industrial espionage, the indictment alleges.

The US says the Chinese hackers also targeted universities, governments, and one political party in other parts of the world, in search of information on Ebola, genetic sequencing, and chemical formulas.

State-sponsored hackers working for a Chinese province sought to steal trade secrets from at least one South African company, American prosecutors say in an indictment unsealed on Friday.

Those prosecutors are now pursuing charges including economic espionage and conspiracy to commit computer fraud against a group of four Chinese nationals, with long potential jail terms under US law.

The group worked under the guise of front company Hainan Xiandun, the indictment alleges, which "employed hackers who sought to and did steal data from companies and universities involved in virus and vaccine research of the Ebola virus and maritime research and development."

Specifically targeted information included "sensitive technologies used for submersibles and autonomous vehicles, speciality chemical formulas, and proprietary genetic-sequencing technology," according to the US prosecutors.

A long list of American companies and institutions were allegedly infiltrated or attacked, alongside government units and one political party in countries including Saudi Arabia and Malaysia.

Attempts included spear-phishing attacks on "multiple defence contractors and companies specialising in maritime research and development based in the United States, South Africa and Austria", according to the indictment, in two waves: in late December and early January of 2016, and again from mid-July to early August in 2016.

It is not clear whether, or to what extent, these attacks were successful.

Data was stolen with the intention of gaining advantage for Chinese state-owned enterprises involved in rail, building ships, and bio-pharmaceuticals, say the American prosecutors.

Some emails seeking to install malware on target computers came from "doppelgänger" domains, the US authorities say, addresses which look safe and familiar to recipients by imitating those of organisations they know. Others would have appeared to come from actual colleagues, using hijacked accounts.

Methods to exfiltrate information included hiding it in images of Donald Trump and koala bears on public servers, using steganography.

The indictment names malware creator Wu Shurong, and three people the US says were officers in the State Security Department of the Hainan province while running the front company Wu worked for: Ding Xiaoyang, Cheng Qingmin, and Zhu Yunmin.

(Compiled by Phillip de Wet)

