US Indicts Chinese Hackers in MSP Network Scheme

The U.S. Justice Department today charged two Chinese-state-sponsored hackers that it says infiltrated managed service provider (MSP) networks and stole companies’ intellectual property and sensitive data. While the U.S. government didn’t name any of the companies whose networks were compromised, Reuters reports that Hewlett Packard Enterprise and IBM are two of them. The two hackers, Zhu Hua and Zhang Shilong, both Chinese nationals, were members of a state-sponsored group called Advanced Persistent Threat 10 or APT 10. They stole information from at least a dozen countries including more than 45 U.S. companies. And according to the indictment, they were working in association with a Chinese intelligence service called the Ministry of State Security. The hackers used malware to gain access to the computer networks and steal data between 2006 and 2018. They targeted a range of industries including banking and finance, telecommunications and consumer electronics, medical equipment, packaging, manufacturing, consulting, healthcare, biotechnology, automotive, oil and gas exploration, and mining.