According to recently released documents, in September 2017, U.S. prosecutors charged three Chinese nationals with hacking three companies with extensive U.S. operations. The hacks, which took place between 2011 and 2017, were carried out by employees and associates of a Chinese cyber security service firm known as Boyusec, affiliated with China’s People’s Liberation Army. Despite this affiliation, prosecutors are not treating this case as an instance of state-sponsored hacking.
According to the indictment, the hackers gained access to the three companies’ information systems by exploiting “hop point” servers in an effort to hide their identities and gain unauthorized access to the companies’ systems. In addition, the indictment alleges that the defendants used spear-phishing emails—email-spoofing attacks that target a specific organization or individual—and malware to infect the companies’ systems. Upon gaining access to the systems, the defendants allegedly used stolen network credentials to conceal their unauthorized access to the computer networks. Through these attacks, the defendants were allegedly able to access “hundreds of gigabytes” of trade secrets, market research, and confidential internal communications.