The Department of Justice on Wednesday unsealed indictments secured between August 2019 and August 2020 of seven foreign nationals accused of a bevy of international hacking incidents. The five Chinese and two Malaysian defendants are alleged members of a group often called APT 41, Wicked Panda or Wicked Spider, which is known to commit economic espionage, traditional cybercrime and espionage against activists.
Wong Ong Hua and Ling Yang Ching, both Malaysian, have been arrested in Malaysia. The U.S. is seeking extradition on both. The other five defendants – Jiang Lizhi, Qian Chuan, Fu Qiang, Zhang Haoran, Tan Daili – are fugitives in China.
While announcing the indictments, Deputy Attorney General Jeffery Rosen said he did not anticipate China assisting the U.S. in capturing the hackers.
“In this case, one of the Chinese defendants is accused of boasting to a colleague that he was ‘very close’ to the Ministry of State Security and would be protected ‘unless something very big happens,’” Rosen said. “The hacker and his associate agreed not to ‘touch domestic stuff anymore.’”
The DoJ announced the indictments alongside several other measures to contain APT 41, including partnering with private companies in successful legal actions to seize APT 41 hacking infrastructure, takedowns of affiliated internet accounts and technical tools to prevent further intrusions.
The APT 41 indictments span efforts to leverage software supply chains to hack downstream companies, criminal schemes to steal video game currency and spying on Hong Kong dissidents.
“We know the Chinese authorities to be at least as able as the law enforcement authorities here and in like-minded states to enforce laws against computer intrusions. But they choose not to,” said Rosen.