American prosecutors accused two Chinese men of stealing more than 200 gigabytes of source code and other proprietary data from three video game companies in 2017 and 2018.
On Tuesday, the Department of Justice announced the indictment of Li Xiaoyu, 34, and Dong Jiazhi, 33, accusing them of hacking several companies, organizations, and government agencies all over the world and stealing troves of intellectual property, including data related to the COVID-19 vaccine. Prosecutors accused the two of working on behalf of the Chinese government’s intelligence agency, the Guangdong State Security Department (GSSD) of the Ministry of State Security (MSS).
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state,” Assistant Attorney General for National Security John C. Demers said in a press release.
The MSS allegedly gave the two hackers information on vulnerabilities and bugs that they could exploit to hack their victims, according to the indictment. Other than gaming companies, Li and Dong allegedly hacked Hong Kong protesters, the office of the Dalai Lama, and several companies in the United Stats, Britain, Sweden, Australia and Germany.
The indictment did not name the video game companies in question.
Do you work in security for a video game company? Do you reverse engineer and hack games? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at email@example.com, or email firstname.lastname@example.org
Hackers working for the Chinese government have a long history of targeting gaming companies, and security teams are constantly on alert for them.
“China is the typical [Advanced Persistent Threat] for gaming companies,” said a security engineer who works for a video game company, using the industry term for government hackers (APT). The engineer asked to remain anonymous because he wasn’t authorized to speak to the press. “They attack every eight months, more or less.”
In the past, the security firm FireEye has accused a suspected group of Chinese government hackers nicknamed APT41 of targeting the gaming industry. Earlier this year, ESET, another security company, said it had found a Chinese hacking group dubbed Winnti, which has links to APT41, targeting Massively Multiplayer Games developed by companies in South Korea and Taiwan.
Subscribe to our cybersecurity podcast, CYBER.