【Justice Department "Eliminating the CCP by Law" Series】Seven Defendants, Including Five Chinese Nationals with National-Security Links, Charged with Hacking Computers Worldwide

Image source: Photo by Lewis Ngugi on Unsplash

Wednesday, September 16, 2020

Seven International Cyber Defendants, Including “APT41” Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally

Two Defendants Arrested in Malaysia; Remaining Five Defendants, One of Whom Allegedly Boasted of Connections to the Chinese Ministry of State Security, are Fugitives in China

In August 2019 and August 2020, a federal grand jury in Washington, D.C., returned two separate indictments charging five computer hackers, all of whom were residents and nationals of the People’s Republic of China (PRC), with computer intrusions affecting over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

The intrusions, which security researchers have tracked using the threat labels “APT41,” “Barium,” “Winnti,” “Wicked Panda,” and “Wicked Spider,” facilitated the theft of source code, software code signing certificates, customer account data, and valuable business information.  These intrusions also facilitated the defendants’ other criminal schemes, including ransomware and “crypto-jacking” schemes, the latter of which refers to the group’s unauthorized use of victim computers to “mine” cryptocurrency. 

Also in August 2020, the same federal grand jury returned a third indictment charging two Malaysian businessmen who conspired with two of the Chinese hackers to profit from computer intrusions targeting the video game industry in the United States and abroad.  Shortly thereafter, the U.S. District Court for the District of Columbia issued arrest warrants for the two businessmen.  On Sept. 14, 2020, pursuant to a provisional arrest request from the United States with a view to their extradition, Malaysian authorities arrested them in Sitiawan.  The department appreciates the significant cooperation and assistance provided by the Government of Malaysia, including the Attorney General’s Chambers of Malaysia and the Royal Malaysia Police.

In addition to arrest warrants for all of the charged defendants, in September 2020, the U.S. District Court for the District of Columbia issued seizure warrants that resulted in the recent seizure of hundreds of accounts, servers, domain names, and command-and-control (“C2”) “dead drop” web pages used by the defendants to conduct their computer intrusion offenses.  The FBI executed the warrants in coordination with other actions by several private-sector companies, which included disabling numerous accounts for violations of the companies’ terms of service.  In addition, in partnership with the department, Microsoft developed and implemented technical measures to block this threat actor from accessing victims’ computer systems.  The actions by Microsoft were a significant part of the overall effort to deny the defendants continued access to hacking infrastructure, tools, accounts, and command-and-control domain names.  In coordination with today’s announcement, the FBI has also released a Liaison Alert System (FLASH) report that contains critical, relevant technical information collected by the FBI for use by specific private-sector partners.

“The Department of Justice has used every tool available to disrupt the illegal computer intrusions and cyberattacks by these Chinese citizens,” said Deputy Attorney General Jeffrey A. Rosen.  “Regrettably, the Chinese Communist Party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China.”


“Today’s charges, the related arrests, seizures of malware and other infrastructure used to conduct intrusions, and coordinated private sector protective actions reveal yet again the department’s determination to use all of the tools at its disposal and to collaborate with the private sector and nations who support the rule of law in cyberspace,” said Assistant Attorney General John C. Demers.  “This is the only way to neutralize malicious nation state cyber activity.”


“Today’s announcement demonstrates the ramifications faced by the hackers in China but it is also a reminder to those who continue to deploy malicious cyber tactics that we will utilize every tool we have to administer justice,” said FBI Deputy Director David Bowdich. “The arrests in Malaysia are a direct result of partnership, cooperation and collaboration. As the cyber threat continues to evolve larger than any one agency can address, the FBI remains committed to being an indispensable partner to our federal, international and private sector partners to stop rampant cyber crime and hold those carrying out these kinds of actions accountable.”

“The scope and sophistication of the crimes in these unsealed indictments is unprecedented. The alleged criminal scheme used actors in China and Malaysia to illegally hack, intrude and steal information from victims worldwide,” said Michael R. Sherwin, Acting U.S. Attorney for the District of Columbia.  “As set forth in the charging documents, some of these criminal actors believed their association with the PRC provided them free license to hack and steal across the globe.  This scheme also contained a new and troubling cyber-criminal component – the targeting and utilization of gaming platforms to both defraud video game companies and launder illicit proceeds.”

“The actions announced today reflect a years-long commitment by the FBI Washington Field Office to pursue the perpetrators of the computer intrusion campaigns described in the indictments, and to bring those perpetrators to justice,” said Acting Assistant Director in Charge James A. Dawson, FBI Washington Field Office. “This case demonstrates the FBI’s dedication to pursuing these criminals no matter where they are, and to whom they may be connected.” 

The August 2019 indictment charged Zhang Haoran (张浩然), 35, and Tan Dailin (谭戴林), 35, with 25 counts of conspiracy, wire fraud, aggravated identity theft, money laundering, and violations of the Computer Fraud and Abuse Act (“CFAA”).  The indictment charged Zhang and Tan with participating in a “Computer Hacking Conspiracy,” which targeted high-technology and similar organizations.  The indictment also charged that, as an additional way to make money, Zhang and Tan participated in a “Video Game Conspiracy,” through which Zhang and Tan, together with others, sought to make money by hacking video game companies, obtaining and otherwise generating digital items of value (e.g., video game currency), and then selling such items for profit.  In several instances, they used their unauthorized access to gaming company networks to take action against other unrelated groups engaged in the same fraudulent generation of gaming artifacts, thereby attempting to eliminate the criminal competition.

One of the August 2020 indictments charged Jiang Lizhi (蒋立志), 35, Qian Chuan (钱川), 39, and Fu Qiang (付强), 37, with nine counts of racketeering conspiracy, conspiracy to violate the CFAA, substantive violations of the CFAA, access device fraud, identity theft, aggravated identity theft, and money laundering.  The racketeering conspiracy pertained to the three defendants’ conducting the affairs of Chengdu 404 Network Technology (“Chengdu 404”), a PRC company, through a pattern of racketeering activity involving computer intrusion offenses affecting over 100 victim companies, organizations, and individuals in the United States and around the world, including in Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand, and Vietnam.  The defendants also compromised foreign government computer networks in India and Vietnam, and targeted, but did not compromise, government computer networks in the United Kingdom.  In one notable instance, the defendants conducted a ransomware attack on the network of a non-profit organization dedicated to combating global poverty.

The defendants associated with Chengdu 404 employed sophisticated hacking techniques to gain and maintain access to victim computer networks.  One example was the defendants’ use of “supply chain attacks,” in which the hackers compromised software providers and then modified the providers’ code to facilitate further intrusions against the software providers’ customers.  Another example was the hackers’ use of C2 “dead drops”: seemingly legitimate web pages that the hackers created, but which surreptitiously encoded instructions to their malware.  However, they also employed publicly available exploits and tools, including exploits for the following Common Vulnerabilities and Exposures (“CVE”) identifiers:  CVE-2019-19781, CVE-2019-11510, CVE-2019-16920, CVE-2019-16278, CVE-2019-1652/CVE-2019-1653, and CVE-2020-10189.
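The C2 “dead drop” technique described above, as an added example that is not part of the DOJ release and does not reproduce APT41’s actual scheme: a hypothetical operator-side encoder that hides a C2 endpoint in an analytics-style HTML comment, the implant-side resolver that recovers it from a fetched page, and a defender-side check that lists base64-looking tokens hidden in HTML comments. The marker strings, the XOR key, the endpoint 203.0.113.7:8443 (a documentation address) and the sample page are all constructed here for illustration.

```python
"""Added example, not from the DOJ release: a toy C2 "dead drop" resolver.

Everything here is hypothetical: the marker strings, the XOR key, the
endpoint 203.0.113.7:8443 (RFC 5737 documentation range) and the page text
are constructed for illustration and are not APT41's real scheme.
"""
import base64
import binascii
import re
from typing import List, Optional

# Hypothetical: the hidden endpoint sits in an HTML comment shaped like an
# analytics snippet, so the page still renders as an ordinary blog post.
MARKER_OPEN = "<!-- ga:"
MARKER_CLOSE = " -->"
XOR_KEY = b"r0se"                  # hypothetical key shared with the implant
C2_ENDPOINT = "203.0.113.7:8443"   # constructed, documentation address
HOSTPORT_RE = re.compile(r"[A-Za-z0-9.-]+:\d{1,5}")
DROP_RE = re.compile(
    re.escape(MARKER_OPEN) + r"([A-Za-z0-9+/=]+)" + re.escape(MARKER_CLOSE)
)


def _xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encodes and decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encode_dead_drop(endpoint: str, key: bytes = XOR_KEY) -> str:
    """Operator side: wrap the XOR'd, base64'd endpoint in a benign-looking comment."""
    blob = base64.b64encode(_xor(endpoint.encode(), key)).decode()
    return f"{MARKER_OPEN}{blob}{MARKER_CLOSE}"


def resolve_dead_drop(page: str, key: bytes = XOR_KEY) -> Optional[str]:
    """Implant side: recover host:port from a fetched page, or None if absent/invalid."""
    m = DROP_RE.search(page)
    if m is None:
        return None
    try:
        endpoint = _xor(base64.b64decode(m.group(1), validate=True), key).decode()
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Reject anything that does not look like host:port (e.g. decoded with a wrong key).
    return endpoint if HOSTPORT_RE.fullmatch(endpoint) else None


def find_suspicious_blobs(page: str, min_len: int = 12) -> List[str]:
    """Defender side: list valid base64 tokens hidden inside HTML comments.

    Without the key a defender cannot decode the drop, but an analytics-style
    comment carrying a padded base64 token is itself worth flagging.
    """
    found = []
    for comment in re.findall(r"<!--(.*?)-->", page, re.S):
        for tok in re.findall(r"[A-Za-z0-9+/]{%d,}={0,2}" % min_len, comment):
            try:
                base64.b64decode(tok, validate=True)
            except binascii.Error:
                continue
            found.append(tok)
    return found


# Constructed sample page: an ordinary-looking blog post with the drop in it.
SAMPLE_PAGE = """<html><head><title>Weekend Hiking Photos</title></head>
<body><h1>Trail report</h1><p>Pictures from Saturday's hike.</p>
<!-- analytics -->
{drop}
</body></html>""".format(drop=encode_dead_drop(C2_ENDPOINT))


if __name__ == "__main__":
    print("implant resolves:", resolve_dead_drop(SAMPLE_PAGE))
    print("defender flags:", find_suspicious_blobs(SAMPLE_PAGE))
```

Run stand-alone, the implant side prints the hidden endpoint and the defender side prints the one flagged token. The point of the resolver-side validation is that a page without a drop, or a drop decoded with the wrong key, yields None rather than a garbage host; the point of the defender-side check is that the page itself is the only indicator, since the host serving it is legitimate and the drop decodes to nothing a proxy would recognise as C2.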


The second August 2020 indictment charged Wong Ong Hua, 46, and Ling Yang Ching, 32, both Malaysian nationals and residents, with 23 counts of racketeering, conspiracy, identity theft, aggravated identity theft, access device fraud, money laundering, violations of the CFAA, and falsely registering domain names.  The indictment alleged that Wong and Ling conducted the affairs of Sea Gamer Mall, a Malaysian company founded by Wong, through a pattern of racketeering activity involving computer intrusion offenses targeting the video game industry in the United States, France, Japan, Singapore, and South Korea.  The indictment alleged that Wong and Ling worked with various hackers, including Zhang and Tan, to profit from the hackers’ criminal computer intrusions at video game companies. 

The indictment against Zhang and Tan charges the defendants with two counts of conspiracy to commit computer fraud, which carries a maximum sentence of five years in prison; two counts of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; five counts of wire fraud, which carries a maximum sentence of 20 years in prison; nine counts of intentional damage to a protected computer, which carries a maximum sentence of 10 years in prison; four counts of unauthorized access to a protected computer, which carries a maximum sentence of five years in prison; two counts of aggravated identity theft, which carries a mandatory sentence of two years in prison; and one count of money laundering, which carries a maximum sentence of 20 years in prison.

The indictment against Jiang, Qian, and Fu charges the defendants with one count of racketeering conspiracy, which carries a maximum sentence of 20 years in prison; one count of conspiracy to commit computer fraud, which carries a maximum sentence of five years in prison; one count of intentional damage to a protected computer, which carries a maximum sentence of 10 years in prison; one count of unauthorized access to a protected computer, which carries a maximum sentence of five years in prison; one count of threatening to damage a protected computer, which carries a maximum sentence of five years in prison; one count of access device fraud, which carries a maximum sentence of 10 years in prison; one count of identity theft, which carries a maximum sentence of five years in prison; one count of aggravated identity theft, which carries a mandatory sentence of two years in prison; and one count of money laundering, which carries a maximum sentence of 20 years in prison.

The indictment against Wong and Ling charges the defendants with one count of racketeering conspiracy, which carries a maximum sentence of 20 years in prison; one count of racketeering, which carries a maximum sentence of 20 years in prison; three counts of intentional damage to a protected computer, which carries a maximum sentence of 10 years in prison; five counts of unauthorized access to a protected computer, which carries a maximum sentence of five years in prison; five counts of furthering fraud by unauthorized access to a protected computer, which carries a maximum sentence of five years in prison; two counts of access device fraud, which carries a maximum sentence of 10 years in prison; two counts of identity theft, which carries a maximum sentence of five years in prison; one count of aggravated identity theft, which carries a mandatory sentence of two years in prison; and three counts of money laundering, which carries a maximum sentence of 20 years in prison.  The indictment also alleges false registration of domain names, which would increase the maximum sentence of imprisonment for money laundering to 27 years; the maximum sentence of imprisonment for unlawful access to a protected computer to 10 years instead of five years; the maximum sentence of imprisonment for intentional damage to a protected computer to 17 years instead of 10 years; and the mandatory sentence of imprisonment for aggravated identity theft to four years instead of two years.

The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only; any sentencing of the defendants will be determined by the assigned judge.

The investigation was conducted jointly by the U.S. Attorney’s Office for the District of Columbia, the National Security Division of the Department of Justice, and the FBI’s Washington Field Office.  The FBI’s Cyber Division assisted in the investigation and, along with FBI’s Cyber Assistant Legal Attachés and Legal Attachés in countries around the world, provided essential support.  Numerous victims cooperated and provided valuable assistance in the investigation. 

The department is also grateful to Microsoft, including Microsoft’s Threat Intelligence Center (MSTIC) and Digital Crimes Unit (DCU), to Google, including its Threat Analysis Group (TAG), to Facebook, and to Verizon Media, including its Paranoids Advanced Cyber Threats Team, for the assistance they provided in this investigation.

Assistant U.S. Attorney Demian Ahn of the District of Columbia, Assistant U.S. Attorney Tejpal Chawla of the District of Columbia, and Trial Attorney Evan Turgeon of the National Security Division’s Counterintelligence and Export Control Section are prosecuting this case.


The Justice Department’s Office of International Affairs provided critical assistance. 

The details contained in the charging document are allegations. The defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Translation: 【文所未聞】 Proofreading: 【Guanghan寶寶】 Editor: 【Isaiah4031】

Produced by the Rose Garden Team (戰友之家玫瑰園小隊)

Read the DOJ original

Related news:

【Justice Department "Eliminating the CCP by Law" Series】Woman who attempted to illegally export maritime assault craft and engines to China faces a 15-year sentence

【Chinese-English】U.S. Department of Justice holds a press conference announcing charges over the CCP state's alleged computer intrusion campaigns, marking the official start of "Eliminating the CCP by Law"!

Deputy Attorney General Jeffrey Rosen's Sept. 16 remarks (with Chinese and English subtitles)

Himalaya Rose Garden Team

“but those who hope in the Lord will renew their strength. They will soar on wings like eagles; they will run and not grow weary, they will walk and not be faint” 【Isaiah 40:31】 September 20