US Justice Department indicts Iranian, Chinese and Malaysian hackers for targeting hundreds of individuals and organisations

Malaysian nationals allegedly helped Chinese hackers in their attempts to intrude into the networks of American firms

The US Department of Justice (DoJ) has indicted two Iranian nationals, two Malaysians and five Chinese individuals for their alleged role in state-sponsored hacking campaigns targeting over 100 firms based in the US and other countries.

According to the court documents, five members of the Chinese hacking group APT41, also known as Wicked Panda and Winnti, were probably operating with the approval of the Chinese government to target hundreds of individuals and organisations, including video game makers, computer hardware manufacturers, telecom firms, social media platforms, think tanks, universities, foreign governments and pro-democracy campaigners in Hong Kong.

While federal officers did not directly attribute the cyber attacks to the Chinese government, Michael Sherwin, the acting US attorney for the District of Columbia, said that some Chinese hackers launched attacks with the confidence that their government would not take any action against them.

All five Chinese hackers have been charged by the US government with numerous crimes, including unauthorised access of protected computers, conspiracy to commit wire fraud, and aggravated identity theft. They all currently remain at large in China.

Two Malaysians, Ling Yang Ching, 32, and Wong Ong Hua, 46, were arrested on 14th September in Sitiwan, Perak State, in a separate indictment.

They were charged with helping Chinese hackers in their attempts to intrude into the networks of American firms, and currently face extradition to the US.

The two Iranians indicted by the DoJ are alleged to have carried out cyber theft campaigns to steal hundreds of terabytes of data from computer systems in the US, Europe and the Middle East, often at the request of the Iranian government.

The court documents revealed that Mehdi Farhadi (also known as "Mohammad Mehdi Farhadi Ramin" and "Mehdi Mahdavi"), 34, and Hooman Heidarian (aka "neo"), 30, targeted confidential information pertaining to foreign policy intelligence, national security, nuclear installations, human rights activists, aerospace information and financial details from the victims.

In many instances, the stolen data was sold on the black market for personal gain.

"Unfortunately, our cases demonstrate that at least four nations — Iran, China, Russia and North Korea — will allow criminal hackers to victimise individuals and companies from around the world, as long as these hackers will also work for that country's government," said Assistant Attorney General for National Security John C. Demers in a statement.

"Today's defendants will now learn that such service to the Iranian regime is not an asset, but a criminal yoke that they will now carry until the day they are brought to justice," Demers added.

Earlier this year, researchers at cyber security firm ClearSky had warned that Iranian hackers were attempting to breach VPN servers to plant backdoors in corporate networks worldwide.

Iranian threat groups also intensified spear-phishing email operations in the Middle East and Europe following the killing of Iranian General Soleimani in January by a US airstrike.