【DOJ “Eliminate the CCP by Law” Series】Five Chinese Nationals and Two Malaysian Nationals Charged with Hacking Computers Worldwide

Image source: Photo by Lewis Ngugi on Unsplash

Wednesday, September 16, 2020

Seven International Cyber Defendants, Including “Apt41” Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally

Two Defendants Arrested in Malaysia; Remaining Five Defendants, One of Whom Allegedly Boasted of Connections to the Chinese Ministry of State Security, are Fugitives in China

In August 2019 and August 2020, a federal grand jury in Washington, D.C., returned two separate indictments charging five computer hackers, all of whom were residents and nationals of the People’s Republic of China (PRC), with computer intrusions affecting over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

The intrusions, which security researchers have tracked using the threat labels “APT41,” “Barium,” “Winnti,” “Wicked Panda,” and “Wicked Spider,” facilitated the theft of source code, software code signing certificates, customer account data, and valuable business information.  These intrusions also facilitated the defendants’ other criminal schemes, including ransomware and “crypto-jacking” schemes, the latter of which refers to the group’s unauthorized use of victim computers to “mine” cryptocurrency. 

Also in August 2020, the same federal grand jury returned a third indictment charging two Malaysian businessmen who conspired with two of the Chinese hackers to profit from computer intrusions targeting the video game industry in the United States and abroad.  Shortly thereafter, the U.S. District Court for the District of Columbia issued arrest warrants for the two businessmen.  On Sept. 14, 2020, pursuant to a provisional arrest request from the United States with a view to their extradition, Malaysian authorities arrested them in Sitiawan.  The department appreciates the significant cooperation and assistance provided by the Government of Malaysia, including the Attorney General’s Chambers of Malaysia and the Royal Malaysia Police.

In addition to arrest warrants for all of the charged defendants, in September 2020, the U.S. District Court for the District of Columbia issued seizure warrants that resulted in the recent seizure of hundreds of accounts, servers, domain names, and command-and-control (“C2”) “dead drop” web pages used by the defendants to conduct their computer intrusion offenses.  The FBI executed the warrants in coordination with other actions by several private-sector companies, which included disabling numerous accounts for violations of the companies’ terms of service.  In addition, in partnership with the department, Microsoft developed and implemented technical measures to block this threat actor from accessing victims’ computer systems.  The actions by Microsoft were a significant part of the overall effort to deny the defendants continued access to hacking infrastructure, tools, accounts, and command-and-control domain names.  In coordination with today’s announcement, the FBI has also released a Liaison Alert System (FLASH) report that contains critical, relevant technical information collected by the FBI for use by specific private-sector partners.

“The Department of Justice has used every tool available to disrupt the illegal computer intrusions and cyberattacks by these Chinese citizens,” said Deputy Attorney General Jeffrey A. Rosen.  “Regrettably, the Chinese communist party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China.”

“Today’s charges, the related arrests, seizures of malware and other infrastructure used to conduct intrusions, and coordinated private sector protective actions reveal yet again the department’s determination to use all of the tools at its disposal and to collaborate with the private sector and nations who support the rule of law in cyberspace,” said Assistant Attorney General John C. Demers.  “This is the only way to neutralize malicious nation state cyber activity.”

“Today’s announcement demonstrates the ramifications faced by the hackers in China but it is also a reminder to those who continue to deploy malicious cyber tactics that we will utilize every tool we have to administer justice,” said FBI Deputy Director David Bowdich. “The arrests in Malaysia are a direct result of partnership, cooperation and collaboration. As the cyber threat continues to evolve larger than any one agency can address, the FBI remains committed to being an indispensable partner to our federal, international and private sector partners to stop rampant cyber crime and hold those carrying out these kind of actions accountable.”

“The scope and sophistication of the crimes in these unsealed indictments is unprecedented. The alleged criminal scheme used actors in China and Malaysia to illegally hack, intrude and steal information from victims worldwide,” said Michael R. Sherwin, Acting U.S. Attorney for the District of Columbia.  “As set forth in the charging documents, some of these criminal actors believed their association with the PRC provided them free license to hack and steal across the globe.  This scheme also contained a new and troubling cyber-criminal component – the targeting and utilization of gaming platforms to both defraud video game companies and launder illicit proceeds.”

“The actions announced today reflect a years-long commitment by the FBI Washington Field Office to pursue the perpetrators of the computer intrusion campaigns described in the indictments, and to bring those perpetrators to justice,” said Acting Assistant Director in Charge James A. Dawson, FBI Washington Field Office. “This case demonstrates the FBI’s dedication to pursuing these criminals no matter where they are, and to whom they may be connected.” 

The August 2019 indictment charged Zhang Haoran (张浩然), 35, and Tan Dailin (谭戴林), 35, with 25 counts of conspiracy, wire fraud, aggravated identity theft, money laundering, and violations of the Computer Fraud and Abuse Act (“CFAA”).  The indictment charged Zhang and Tan with participating in a “Computer Hacking Conspiracy,” which targeted high-technology and similar organizations.  The indictment also charged that, as an additional way to make money, Zhang and Tan participated in a “Video Game Conspiracy,” through which Zhang and Tan, together with others, sought to make money by hacking video game companies, obtaining and otherwise generating digital items of value (e.g., video game currency), and then selling such items for profit.  In several instances, they used their unauthorized access to gaming company networks to take action against other unrelated groups engaged in the same fraudulent generation of gaming artifacts, thereby attempting to eliminate the criminal competition.

One of the August 2020 indictments charged Jiang Lizhi (蒋立志), 35, Qian Chuan (钱川), 39, and Fu Qiang (付强), 37, with nine counts of racketeering conspiracy, conspiracy to violate the CFAA, substantive violations of the CFAA, access device fraud, identity theft, aggravated identity theft, and money laundering.  The racketeering conspiracy pertained to the three defendants’ conducting the affairs of Chengdu 404 Network Technology (“Chengdu 404”), a PRC company, through a pattern of racketeering activity involving computer intrusion offenses affecting over 100 victim companies, organizations, and individuals in the United States and around the world, including in Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam.  The defendants also compromised foreign government computer networks in India and Vietnam, and targeted, but did not compromise, government computer networks in the United Kingdom.  In one notable instance, the defendants conducted a ransomware attack on the network of a non-profit organization dedicated to combating global poverty.

The defendants associated with Chengdu 404 employed sophisticated hacking techniques to gain and maintain access to victim computer networks.  One example was the defendants’ use of “supply chain attacks,” in which the hackers compromised software providers and then modified the providers’ code to facilitate further intrusions against the software providers’ customers.  Another example was the hackers’ use of C2 “dead drops,” which are seemingly legitimate web pages that the hackers created, but which were surreptitiously encoded instructions to their malware.  However, they also employed publicly available exploits and tools, including the following common vulnerabilities and exposures (“CVE”):  CVE-2019-19781, CVE-2019-11510, CVE-2019-16920, CVE-2019-16278, CVE-2019-1652/CVE-2019-1653, and CVE-2020-10189.

The second August 2020 indictment charged Wong Ong Hua, 46, and Ling Yang Ching, 32, both Malaysian nationals and residents, with 23 counts of racketeering, conspiracy, identity theft, aggravated identity theft, access device fraud, money laundering, violations of the CFAA, and falsely registering domain names.  The indictment alleged that Wong and Ling conducted the affairs of Sea Gamer Mall, a Malaysian company founded by Wong, through a pattern of racketeering activity involving computer intrusion offenses targeting the video game industry in the United States, France, Japan, Singapore, and South Korea.  The indictment alleged that Wong and Ling worked with various hackers, including Zhang and Tan, to profit from the hackers’ criminal computer intrusions at video game companies. 

The indictment against Zhang and Tan charges the defendants with two counts of conspiracy to commit computer fraud, which carries a maximum sentence of five years in prison; two counts of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; five counts of wire fraud, which carries a maximum sentence of 20 years in prison; nine counts of intentional damage to a protected computer, which carries a maximum sentence of 10 years in prison; four counts of unauthorized access to a protected computer, which carries a maximum sentence of five years in prison; two counts of aggravated identity theft, which carries a mandatory sentence of two years in prison; and one count of money laundering, which carries a maximum sentence of 20 years in prison.

The indictment against Jiang, Qian, and Fu charges the defendants with one count of racketeering conspiracy, which carries a maximum sentence of 20 years in prison; one count of conspiracy to commit computer fraud, which carries a maximum sentence of five years in prison; one count of intentional damage to a protected computer, which carries a maximum sentence of 10 years in prison; one count of unauthorized access to a protected computer, which carries a maximum sentence of five years in prison; one count of threatening to damage a protected computer, which carries a maximum sentence of five years in prison; one count of access device fraud, which carries a maximum sentence of 10 years in prison; one count of identity theft, which carries a maximum sentence of five years in prison; one count of aggravated identity theft, which carries a mandatory sentence of two years in prison; and one count of money laundering, which carries a maximum sentence of 20 years in prison.

The indictment against Wong and Ling charges the defendants with one count of racketeering conspiracy, which carries a maximum sentence of 20 years in prison; one count of racketeering, which carries a maximum sentence of 20 years in prison; three counts of intentional damage to a protected computer, which carries a maximum sentence of 10 years in prison; five counts of unauthorized access to a protected computer, which carries a maximum sentence of five years in prison; five counts of furthering fraud by unauthorized access to a protected computer, which carries a maximum sentence of five years in prison; two counts of access device fraud, which carries a maximum sentence of 10 years in prison; two counts of identity theft, which carries a maximum sentence of five years in prison; one count of aggravated identity theft, which carries a mandatory sentence of two years in prison; and three counts of money laundering, which carries a maximum sentence of 20 years in prison.  The indictment also alleges false registration of domain names, which would increase the maximum sentence of imprisonment for money laundering to 27 years; the maximum sentence of imprisonment for unlawful access to a protected computer to 10 years instead of five years; the maximum sentence of imprisonment for intentional damage to a protected computer to 17 years instead of 10 years; and the mandatory sentence of imprisonment for aggravated identity theft to four years instead of two years.

The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only; any sentencing of the defendants will be determined by the assigned judge.

The investigation was conducted jointly by the U.S. Attorney’s Office for the District of Columbia, the National Security Division of the Department of Justice, and the FBI’s Washington Field Office.  The FBI’s Cyber Division assisted in the investigation and, along with FBI’s Cyber Assistant Legal Attachés and Legal Attachés in countries around the world, provided essential support.  Numerous victims cooperated and provided valuable assistance in the investigation. 

The department is also grateful to Microsoft, including Microsoft’s Threat Intelligence Center (MSTIC) and Digital Crimes Unit (DCU), to Google, including its Threat Analysis Group (TAG), to Facebook, and to Verizon Media, including its Paranoids Advanced Cyber Threats Team, for the assistance they provided in this investigation.

Assistant U.S. Attorney Demian Ahn of the District of Columbia, Assistant U.S. Attorney Tejpal Chawla of the District of Columbia, and Trial Attorney Evan Turgeon of the National Security Division’s Counterintelligence and Export Control Section are prosecuting this case.

The Justice Department’s Office of International Affairs provided critical assistance. 

The details contained in the charging document are allegations. The defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Translation: 【文所未闻】 Proofreading: 【Guanghan宝宝】 Editing: 【Isaiah4031】

Produced by 战友之家玫瑰园小队 (Himalaya Rose Garden Team)

Read the original DOJ press release: https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computer

Himalaya Rose Garden Team

“but those who hope in the Lord will renew their strength. They will soar on wings like eagles; they will run and not grow weary, they will walk and not be faint” 【Isaiah 40:31】 September 20