According to the indictment, the officers -- identified as Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui -- were members of Unit 61398 of the Third Department of the Chinese People’s Liberation Army.
Attorney General Eric Holder and the Department of Justice are accusing the individuals of participating in cyber-espionage on behalf of a foreign government, lifting “sensitive, internal communications” about intellectual property, trade secrets and information on strategies or vulnerabilities in US companies that could provide competitive benefit to Chinese rivals.
The hacked organizations included U.S. Steel Corp., Westinghouse, Alcoa, Allegheny Technologies, the United Steel Workers Union and US subsidiaries of SolarWorld, a German company.
The indictment details very specific attacks. For instance, about three weeks after Alcoa announced a partnership with a Chinese state-owned enterprise (SOE-3) in February 2008, Sun sent a spearphishing e-mail to the company. Thereafter, in or about June 2008, unidentified individuals stole thousands of email messages and attachments from Alcoa’s computers, including internal discussions concerning that transaction.
“For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses,” said John Carlin, assistant attorney general for national security, at a news conference in Washington. “This indictment describes, with particularity, specific actions on specific days by specific actors to use their computers to steal information from across our economy.”
In 2013, security firm Mandiant made headlines with a report that said that a unit of the People’s Liberation Army had been linked to deep spying on 141 US and foreign companies and entities, mostly in English-speaking countries. In April of this year, it noted that the Chinese attacks were showing “no signs of abatement.”
“One conclusion is inescapable: the list of potential targets has increased, and the playing field has grown,” the company said in the report. “Cyber-threat actors are expanding the uses of computer network exploitation to fulfill an array of objectives, from the economic to the political. Threat actors are not only interested in seizing the corporate crown jewels but are also looking for ways to publicize their views, cause physical destruction and influence global decision makers. Private organizations have increasingly become collateral damage in political conflicts. With no diplomatic solution in sight, the ability to detect and respond to attacks has never been more important.”
Beijing has in the past of course repeatedly denied allegations of US targeting, and this time is no exception. Foreign ministry spokesman Qin Gang said in a statement that the allegations were "made up" and would "damage Sino-American co-operation and mutual trust.”
"China is a staunch defender of network security, and the Chinese government, military and associated personnel have never engaged in online theft of trade secrets," he said.
It has also often accused the US of cyber-spying on its interests, a charge Holder denied today in the news conference, even though leaked NSA documents show that the US has hacked into Chinese telecom innfrastructure giant Huawei in the past.
The indictments are clearly meant to send a larger message that the US isn’t making do with a war of actionless words over cyber-espionage any more, and in that it's a sharp departure in policy towards China.
In a statement, FBI Director James B. Comey said, “For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries,” said “The indictment announced today is an important step. But there are many more victims, and there is much more to be done. With our unique criminal and national security authorities, we will continue to use all legal tools at our disposal to counter cyber-espionage from all sources.”