{
	"id": "6955f808-57e8-44fc-95d1-a97d4f300317",
	"created_at": "2026-04-06T00:19:56.048843Z",
	"updated_at": "2026-04-10T13:11:47.754944Z",
	"deleted_at": null,
	"sha1_hash": "9f3c4c5deda503d83cd9d4030d634801a539fd69",
	"title": "Chinese Hackers Indicted | Federal Bureau of Investigation",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41656,
	"plain_text": "Chinese Hackers Indicted | Federal Bureau of Investigation\r\nArchived: 2026-04-05 15:35:01 UTC\r\nChinese Hackers Indicted\r\nMembers of APT 10 Group Targeted Intellectual Property and Confidential Business Information\r\nFBI Director Christopher Wray speaks at a December 20, 2018 press conference at the Department of Justice\r\nannouncing charges against Zhu Hua and Zhang Shilong, both Chinese nationals and members of the APT 10\r\nhacking group, as Deputy Attorney General Rod J. Rosenstein looks on.\r\nTwo Chinese men have been charged in a massive, years-long hacking campaign that stole personal and\r\nproprietary information from companies around the world, the FBI and the Justice Department announced at a\r\npress conference today in Washington, D.C.\r\nThe men, Zhu Hua and Zhang Shilong, are part of a group known as Advanced Persistent Threat 10, or APT 10, a\r\nhacking group associated with the Chinese government. A New York grand jury indicted the pair for conspiracy to\r\ncommit computer intrusion, conspiracy to commit wire fraud, and aggravated identity theft. The indictment was\r\nunsealed today.\r\nAccording to the indictment, from around 2006 to 2018, APT 10 conducted extensive hacking campaigns, stealing\r\ninformation from more than 45 victim organizations, including American companies. Hundreds of gigabytes of\r\nsensitive data were secretly taken from companies in a diverse range of industries, such as health care,\r\nbiotechnology, finance, manufacturing, and oil and gas.\r\nFBI Director Christopher Wray described the list of companies, not named in the indictment, as a “Who’s Who” of\r\nthe global economy. 
Even government agencies like NASA and the Department of Energy were among the\r\nvictims. The hack is part of China’s ongoing efforts to steal intellectual property from other countries.\r\n“Healthy competition is good for the global economy. Criminal conduct is not. Rampant theft is not. Cheating is\r\nnot,” Wray said at the press conference. \r\nAPT 10 used “spear phishing” techniques to introduce malware onto targeted computers. The hackers sent emails\r\nthat appeared to be from legitimate addresses but contained attachments that installed a program to secretly record\r\nall keystrokes on the machine, including user names and passwords. The group also targeted managed service\r\nproviders (MSPs), companies that remotely manage their clients’ servers and networks. MSP hacks allowed APT\r\n10 members to indirectly gain access to confidential data of numerous companies who were the clients of the\r\nMSPs.\r\n“China’s state-sponsored actors are the most active perpetrators of state-sponsored espionage against us.”\r\nFBI Director Christopher Wray\r\n“When hackers gain access to MSPs, they can steal sensitive business information that gives competitors an unfair\r\nadvantage,” said Deputy Attorney General Rod J. Rosenstein during today’s announcement.\r\nAPT 10 also accessed the personal information of more than 100,000 U.S. Navy personnel.\r\nIn remarks announcing the indictments, Wray noted that FBI and Department of Defense investigators worked\r\ntogether to analyze hundreds of malware samples. Investigators found links between victims and APT 10. 
The\r\nFBI’s Cyber Action Team, in collaboration with the Department of Homeland Security, also provided technical\r\nassistance and investigated the incidents.\r\nAlthough the two indicted hackers are believed to be in China, they can be arrested if they travel.\r\nThis indictment is the latest in a series of charges against international hackers who target the United States and its\r\nallies. In October, seven Russian government operatives were charged with hacking into international anti-doping\r\nagencies. Last month, two Iranians were charged with using ransomware to infiltrate critical networks in the\r\nUnited States and Canada.\r\nThe cyber espionage threat from China is the most pervasive, Wray stressed.\r\n“China’s goal, simply put, is to replace the U.S. as the world’s leading superpower, and they’re using illegal\r\nmethods to get there. They’re using an expanding set of non-traditional and illegal methods,” Wray said. “China’s\r\nstate-sponsored actors are the most active perpetrators of state-sponsored espionage against us.”\r\nScreenshot of Wanted by the FBI poster for Zhu Hua and Zhang Shilong, two members of a hacking group\r\noperating in China known in the cybersecurity community as Advanced Persistent Threat 10 (the APT 10 Group).\r\nSource: https://www.fbi.gov/news/stories/chinese-hackers-indicted-122018",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia",
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.fbi.gov/news/stories/chinese-hackers-indicted-122018"
	],
	"report_names": [
		"chinese-hackers-indicted-122018"
	],
	"threat_actors": [
		{
			"id": "04b07437-41bb-4126-bcbb-def16f19d7c6",
			"created_at": "2022-10-25T16:07:24.232628Z",
			"updated_at": "2026-04-10T02:00:04.906097Z",
			"deleted_at": null,
			"main_name": "Stone Panda",
			"aliases": [
				"APT 10",
				"ATK 41",
				"Bronze Riverside",
				"CTG-5938",
				"CVNX",
				"Cuckoo Spear",
				"Earth Kasha",
				"G0045",
				"G0093",
				"Granite Taurus",
				"Happyyongzi",
				"Hogfish",
				"ITG01",
				"Operation A41APT",
				"Operation Cache Panda",
				"Operation ChessMaster",
				"Operation Cloud Hopper",
				"Operation Cuckoo Spear",
				"Operation New Battle",
				"Operation Soft Cell",
				"Operation TradeSecret",
				"Potassium",
				"Purple Typhoon",
				"Red Apollo",
				"Stone Panda",
				"TA429",
				"menuPass",
				"menuPass Team"
			],
			"source_name": "ETDA:Stone Panda",
			"tools": [
				"Agent.dhwf",
				"Agentemis",
				"Anel",
				"AngryRebel",
				"BKDR_EVILOGE",
				"BKDR_HGDER",
				"BKDR_NVICM",
				"BUGJUICE",
				"CHINACHOPPER",
				"ChChes",
				"China Chopper",
				"Chymine",
				"CinaRAT",
				"Cobalt Strike",
				"CobaltStrike",
				"DARKTOWN",
				"DESLoader",
				"DILLJUICE",
				"DILLWEED",
				"Darkmoon",
				"DelfsCake",
				"Derusbi",
				"Destroy RAT",
				"DestroyRAT",
				"Ecipekac",
				"Emdivi",
				"EvilGrab",
				"EvilGrab RAT",
				"FYAnti",
				"Farfli",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"GreetCake",
				"HAYMAKER",
				"HEAVYHAND",
				"HEAVYPOT",
				"HTran",
				"HUC Packet Transmit Tool",
				"Ham Backdoor",
				"HiddenFace",
				"Impacket",
				"Invoke the Hash",
				"KABOB",
				"Kaba",
				"Korplug",
				"LODEINFO",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"MiS-Type",
				"Mimikatz",
				"Moudour",
				"Mydoor",
				"NBTscan",
				"NOOPDOOR",
				"Newsripper",
				"P8RAT",
				"PCRat",
				"PlugX",
				"Poison Ivy",
				"Poldat",
				"PowerSploit",
				"PowerView",
				"PsExec",
				"PsList",
				"Quarks PwDump",
				"Quasar RAT",
				"QuasarRAT",
				"RedDelta",
				"RedLeaves",
				"Rubeus",
				"SNUGRIDE",
				"SPIVY",
				"SharpSploit",
				"SigLoader",
				"SinoChopper",
				"SodaMaster",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trochilus RAT",
				"UpperCut",
				"Vidgrab",
				"WinRAR",
				"WmiExec",
				"Wmonder",
				"Xamtrav",
				"Yggdrasil",
				"Zlib",
				"certutil",
				"certutil.exe",
				"cobeacon",
				"dfls",
				"lena",
				"nbtscan",
				"pivy",
				"poisonivy",
				"pwdump"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434796,
	"ts_updated_at": 1775826707,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9f3c4c5deda503d83cd9d4030d634801a539fd69.pdf",
		"text": "https://archive.orkl.eu/9f3c4c5deda503d83cd9d4030d634801a539fd69.txt",
		"img": "https://archive.orkl.eu/9f3c4c5deda503d83cd9d4030d634801a539fd69.jpg"
	}
}