• ‘Alarming’: Australia must expose foreign cyber spies
• Mums and dads being ‘held to ransom’ by cyber crims
• Light bulbs, locks and doors: 10 ways your home can be hacked

The two Chinese nationals were indicted by the US Justice Department on Tuesday, local time, for a wide range of offences including trying to steal COVID-19 vaccine research from countries around the world.

Their targets included “hundreds of victim companies, governments, non-governmental organisations, and individual dissidents, clergy, and democratic and human rights activists in the United States and abroad, including Hong Kong and China”, said the Justice Department.

Li Xiaoyu, 34, and Dong Jiazhi, 33, were “on call” for the Chinese government’s Ministry of State Security, said US Assistant Attorney-General John Demers.

The FBI issued wanted notices for the duo, who are believed to be in China.

They were described as electrical engineers who met at a university in Chengdu, China, and operated their criminal enterprise for more than a decade.

The Australian companies targeted were not identified, apart from being named as Victim 21 and 23.

Demers said the 27-page federal grand jury indictment charged them with targeting a series of companies across the world.

“The hackers targeted technology companies in countries with high technology industries, including in Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, the United Kingdom, and the United States,” he said.

“These intrusions are yet another example of China’s brazen willingness to engage in theft through computer intrusions contrary to their international commitments.”

The hacks were attempted through malware, and Australia was targeted in January and April this year.

“On or about January 28, 2020, Li accessed Victim 23’s network via a China Chopper web shell,” the indictment reads.

“Li then executed commands on Victim 23’s network that enabled him to view reconnaissance information such as directory contents and user privileges.”

The hackers acted in some instances “for their own personal gain” and in others for the benefit of the Chinese government.

“The indictment specifically outlines how stealing intellectual property from companies in these high-tech industries could help Chinese companies replicate the targeted technology and eventually edge out their non-Chinese competitors,” said Demers.

“China’s anti-competitive behaviour and flagrant disregard for their promises not to engage in cyber-enabled intellectual property theft is not just a domestic issue; it is a global issue.

“The indictment alleges activity against companies in at least 10 countries around the world. The indictment shows very clearly that no country is immune. Any country with a successful company or industry must be on guard and prepared to protect itself.

“The indictment also highlights how the Chinese government is willing to turn a blind eye to prolific criminal hackers operating within China’s borders.

MORE NEWS

Huawei infiltrates Australia despite Chinese espionage risks

Aussie mum nabbing cyber crims taking your cash

Chinese espionage: ‘They’ve targeted Australia’

“In this manner, China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being “on call” to work for the benefit of the state, here to feed the Chinese Communist Party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research.

“With the top cover provided by state officials, these criminals are given free rein to victimise law abiding citizens around the world. All of these activities – state-sponsored theft of intellectual property and knowingly providing a safe havens for cyber criminals – run afoul of norms of acceptable state behaviour in cyberspace, which the international community must address.”