Cyber Incident Victim: Lawrence Berkeley National Laboratory
Date: Jan 2006
Location: United States of America
Summary
Two Chinese nationals associated with the APT10 hacking group, operating in conjunction with China's Ministry of State Security, conducted a global cyber espionage campaign targeting intellectual property and confidential business data. The group compromised managed service providers to access client networks and infiltrated technology companies and government agencies, stealing sensitive information across sectors including aviation, healthcare, biotechnology, telecommunications, and energy. Their operations involved unauthorized access to hundreds of gigabytes of proprietary data, leveraging stolen credentials and infrastructure to sustain intrusions over multiple years. The campaign impacted numerous U.S. entities through coordinated theft of technological and commercial secrets.
Description
The APT10 hacking group, linked to China's Ministry of State Security, targeted managed service providers to steal intellectual property and confidential business information. The group used malware and stolen credentials to access computer systems, compromising data of numerous companies and government agencies. The attack resulted in the theft of sensitive data, including personal information of over 100,000 Navy personnel. The defendants, Zhu Hua and Zhang Shilong, were members of the APT10 Group and worked for a company in China called Huaying Haitai Science and Technology Development Company.

The APT10 Group conducted global campaigns of computer intrusions targeting intellectual property and confidential business and technological information at managed service providers, which are companies that remotely manage the information technology infrastructure of businesses and governments around the world. The group also targeted more than 45 technology companies in at least a dozen US states and US government agencies. The defendants used some of the same online facilities to initiate, facilitate, and execute their campaigns during the conspiracy. They registered malicious domains and infrastructure, and engaged in hacking operations on behalf of the APT10 Group.
The MSP Theft Campaign, which began in or about 2014, involved the APT10 Group obtaining unauthorized access to the computers and computer networks of managed service providers for businesses and governments around the world. The group used stolen credentials to connect to other systems within an MSP and its clients' networks, enabling them to move laterally through an MSP's network and its clients' networks and to compromise victim computers that were not yet infected with malware. The APT10 Group successfully obtained unauthorized access to computers providing services to or belonging to victim companies located in at least 12 countries, including Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, the United Kingdom, and the United States.
The Technology Theft Campaign, which began in or about 2006, involved the APT10 Group obtaining unauthorized access to the computers of more than 45 technology companies and US government agencies based in at least 12 states. The group stole hundreds of gigabytes of sensitive data and information from the victims' computer systems, including from companies involved in aviation, space and satellite technology, manufacturing technology, pharmaceutical technology, oil and gas exploration and production technology, communications technology, computer processor technology, and maritime technology. The APT10 Group also compromised more than 40 computers in order to steal sensitive data belonging to the Navy, including the names, Social Security numbers, dates of birth, salary information, personal phone numbers, and email addresses of more than 100,000 Navy personnel.
The indictment alleges that the defendants were part of a group that hacked computers in at least a dozen countries and gave China's intelligence service access to sensitive business information. The defendants were charged with one count of conspiracy to commit computer intrusions, one count of conspiracy to commit wire fraud, and one count of aggravated identity theft. The maximum potential sentences in this case are prescribed by Congress and are provided for informational purposes only, as any sentencing of the defendants will be determined by the assigned judge. The charges contained in the indictment are merely accusations, and the defendants are presumed innocent unless and until proven guilty.
The investigation was conducted by the FBI, including the New Orleans, New Haven, Houston, New York, Sacramento, and San Antonio Field Offices, as well as the Defense Criminal Investigative Service and the US Naval Criminal Investigative Service. The case was praised for the outstanding investigative work and collaboration among the agencies involved. The prosecution is being handled by the US Attorney's Office for the Southern District of New York, with assistance provided by the National Security Division's Counterintelligence and Export Control Section.
The attack highlights the importance of protecting sensitive information and the need for companies to remain vigilant in their cybersecurity efforts. Malware and stolen credentials are a common means of gaining access to computer systems, so companies must take steps to prevent such attacks: implementing robust security measures such as encryption and access controls, and training employees to identify and respond to potential security threats.
The APT10 Group's actions demonstrate the threat posed by state-sponsored hacking groups, which can have significant consequences for companies and governments around the world. The indictment of the defendants is an important step in holding those responsible for cyber attacks accountable and demonstrates the commitment of law enforcement agencies to protecting national security and combating cyber crime.
The incident also underscores the importance of international cooperation in combating cyber crime. The APT10 Group's actions affected companies and governments in at least 12 countries, demonstrating the global nature of cyber threats, and the investigation and prosecution of the defendants involved cooperation among law enforcement agencies in several countries, highlighting the need for increased collaboration and information sharing.
