Skip to Content
MIT Technology Review

Chinese hackers allegedly stole data of more than 100,000 US Navy personnel

Category:

That’s one of the stunning allegations against two Chinese government hackers in an indictment issued today by America’s Department of Justice (DOJ).
 
The news: The indictment accuses the two hackers, Zhu Hua and Zhang Shilong, of working for a group with links to China’s Ministry of State Security, the country’s main intelligence agency. Dubbed Advanced Persistent Threat 10, or APT 10, by security researchers, the group mainly aimed to steal intellectual property, but it also scooped up information about US military personnel, including Social Security numbers, dates of birth, and salaries. The US Navy reportedly has somewhere around 330,000 active duty members, so the hack likely affected a significant percentage of them.
 
International sweep: By sneaking into the computers of a US company that manages IT systems remotely for other businesses, the Chinese hackers were allegedly able to access computers at more than 45 companies in a dozen countries, including the US, the UK, Australia, India, and Japan. After the DOJ’s announcement, the British foreign secretary called the APT 10 activity “one of the most significant and widespread intrusions against the UK and allies uncovered to date.”
 
Growing tensions: The indictment comes at a time when US-China relations have already been strained by a trade war and the arrest in Canada of Meng Wanzhou, the CFO of Huawei, a Chinese telecom giant that is at the center of a debate over network security. Meng, who faces extradition to the US, is accused of covering up efforts by Huawei to circumvent US sanctions on Iran. She denies any wrongdoing, and China has demanded her release. There are also strong suspicions that Chinese agents may have been behind the recent mega-hack of the Marriott hotel chain.