{ "id": "d3cae8b5-0cfc-466c-904d-d996a8200535", "created_at": "2026-04-06T15:53:52.749582Z", "updated_at": "2026-04-10T03:32:38.976035Z", "deleted_at": null, "sha1_hash": "ed7a317c62caedccfec32622a7c6b3f0650bfe2b", "title": "Deputy Attorney General Rod J. Rosenstein Announces Charges Against Chinese Hackers", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 35836, "plain_text": "Deputy Attorney General Rod J. Rosenstein Announces Charges\r\nAgainst Chinese Hackers\r\nPublished: 2018-12-20 · Archived: 2026-04-06 15:32:07 UTC\r\nI am honored to be joined by FBI Director Chris Wray, National Security Division Assistant Attorney General\r\nJohn Demers, and Southern District of New York U.S. Attorney Geoffrey Berman.\r\nToday, the Department of Justice is announcing a criminal indictment of two computer hackers associated with the\r\nChinese government. The charges include conspiracy to commit computer intrusions against dozens of companies\r\nin the United States and around the world.  As with all American criminal charges, individual defendants are\r\npresumed innocent unless proven guilty in a court of law.\r\nThis case is significant because the defendants are accused of targeting and compromising Managed Service\r\nProviders, or MSPs. MSPs are firms that other companies trust to store, process, and protect commercial data,\r\nincluding intellectual property and other confidential business information.  When hackers gain access to MSPs,\r\nthey can steal sensitive business information that gives competitors an unfair advantage.\r\nThe indictment alleges that defendants worked for a group known to cyber security experts as APT-10.  These\r\ngroups are designated as APTs, or Advanced Persistent Threats, because they use malware to gain access to\r\ncomputer networks and exfiltrate data over an extended period of time.\r\nThese defendants allegedly compromised MSP clients in at least a dozen countries. The victims included\r\ncompanies in banking and finance, telecommunications and consumer electronics, medical equipment, packaging,\r\nmanufacturing, consulting, healthcare, biotechnology, automotive, oil and gas exploration, and mining.\r\nThe defendants allegedly committed these crimes in association with a Chinese intelligence service known as the\r\nMinistry of State Security.\r\nThis is not the first time the Department of Justice has accused Chinese state actors and associates of stealing\r\ncommercial information.  Since the indictment of five uniformed members of the People’s Liberation Army in\r\n2014, our Department has repeatedly cast a spotlight on Chinese state-sponsored criminal activity targeting U.S.\r\ncompanies.  \r\nMore than 90 percent of the Department’s cases alleging economic espionage over the past seven years involve\r\nChina. More than two-thirds of the Department’s cases involving thefts of trade secrets are connected to China.  In\r\nthe last few months of this year, our Department has announced charges in three cases alleging crimes committed\r\nat the behest of a branch of the Chinese Ministry of State Security.\r\nIt is unacceptable that we continue to uncover cybercrime committed by China against other nations. In 2015,\r\nChina promised to stop stealing trade secrets and other confidential business information through computer\r\nhacking “with the intent of providing competitive advantages to companies or commercial sectors.”  The activity\r\nalleged in this indictment violates the commitment that China made to members of the international community.\r\nhttps://www.justice.gov/opa/speech/deputy-attorney-general-rod-j-rosenstein-announces-charges-against-chinese-hackers\r\nPage 1 of 2\n\nWe want China to cease illegal cyber activities and honor its commitment to the international community, but the\r\nevidence suggests that China may not intend to live up to its promises.\r\nFor example, the Chinese industrial policy, known as “Made in China 2025,” lists ten strategic advanced\r\nmanufacturing industries that the nation has targeted for promotion and development.  Many of the companies\r\nallegedly targeted recently by Chinese defendants operate in sectors identified by that official policy.  Whether\r\nthrough computer hackers operating from China, or Chinese nationals recruited to steal trade secrets from\r\ncompanies in other countries, the goal is the same: to dominate production in strategically important industries by\r\nstealing ideas from other nations.\r\nToday’s charges mark an important step in revealing to the world China’s continued practice of stealing\r\ncommercial data.  Responding to that conduct requires a strategic approach to the threats that China poses.  That is\r\nwhy the Department of Justice recently announced an initiative to address the full range of threats. One tactic is to\r\nincrease our enforcement efforts. Another is to conduct foreign investment reviews to protect against China\r\nimproperly acquiring sensitive information. A third is to find ways to better protect our telecommunications\r\nnetworks.\r\nChina stands accused of engaging in criminal activity that victimizes individuals and companies in the United\r\nStates, violates our laws, and departs from international norms of responsible state behavior.  Exposing these\r\nactions through the criminal justice system is a valuable tool.  Faced with the detailed factual allegations released\r\ntoday, and the corroborating statements of other victimized nations, China will find it difficult to feign ignorance.\r\nAmerica and many allies know what China is doing. We know why they are doing it. And in some cases, we even\r\nknow which individual people are doing it in association with the Chinese government.\r\nThe alleged criminals in this case are named Zhu Hua and Zhang Shilong. We hope the day will come when the\r\ndefendants face justice under the rule of law in a federal courtroom. \r\nUntil then, they and other hackers who steal from our companies for the apparent benefit of Chinese industries\r\nshould remember: there is no free pass to violate American laws merely because they do so under the protection of\r\na foreign state.  The Department of Justice and the FBI will continue to use all available tools to respond to\r\nChina’s economic aggression and the threat that these actions pose to the prosperity and security of the United\r\nStates and other nations that respect the rule of law.\r\nSource: https://www.justice.gov/opa/speech/deputy-attorney-general-rod-j-rosenstein-announces-charges-against-chinese-hackers\r\nhttps://www.justice.gov/opa/speech/deputy-attorney-general-rod-j-rosenstein-announces-charges-against-chinese-hackers\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.justice.gov/opa/speech/deputy-attorney-general-rod-j-rosenstein-announces-charges-against-chinese-hackers" ], "report_names": [ "deputy-attorney-general-rod-j-rosenstein-announces-charges-against-chinese-hackers" ], "threat_actors": [ { "id": "04b07437-41bb-4126-bcbb-def16f19d7c6", "created_at": "2022-10-25T16:07:24.232628Z", "updated_at": "2026-04-10T02:00:04.906097Z", "deleted_at": null, "main_name": "Stone Panda", "aliases": [ "APT 10", "ATK 41", "Bronze Riverside", "CTG-5938", "CVNX", "Cuckoo Spear", "Earth Kasha", "G0045", "G0093", "Granite Taurus", "Happyyongzi", "Hogfish", "ITG01", "Operation A41APT", "Operation Cache Panda", "Operation ChessMaster", "Operation Cloud Hopper", "Operation Cuckoo Spear", "Operation New Battle", "Operation Soft Cell", "Operation TradeSecret", "Potassium", "Purple Typhoon", "Red Apollo", "Stone Panda", "TA429", "menuPass", "menuPass Team" ], "source_name": "ETDA:Stone Panda", "tools": [ "Agent.dhwf", "Agentemis", "Anel", "AngryRebel", "BKDR_EVILOGE", "BKDR_HGDER", "BKDR_NVICM", "BUGJUICE", "CHINACHOPPER", "ChChes", "China Chopper", "Chymine", "CinaRAT", "Cobalt Strike", "CobaltStrike", "DARKTOWN", "DESLoader", "DILLJUICE", "DILLWEED", "Darkmoon", "DelfsCake", "Derusbi", "Destroy RAT", "DestroyRAT", "Ecipekac", "Emdivi", "EvilGrab", "EvilGrab RAT", "FYAnti", "Farfli", "Gen:Trojan.Heur.PT", "Gh0st RAT", "Ghost RAT", "GreetCake", "HAYMAKER", "HEAVYHAND", "HEAVYPOT", "HTran", "HUC Packet Transmit Tool", "Ham Backdoor", "HiddenFace", "Impacket", "Invoke the Hash", "KABOB", "Kaba", "Korplug", "LODEINFO", "LOLBAS", "LOLBins", "Living off the Land", "MiS-Type", "Mimikatz", "Moudour", "Mydoor", "NBTscan", "NOOPDOOR", "Newsripper", "P8RAT", "PCRat", "PlugX", "Poison Ivy", "Poldat", "PowerSploit", "PowerView", "PsExec", "PsList", "Quarks PwDump", "Quasar RAT", "QuasarRAT", "RedDelta", "RedLeaves", "Rubeus", "SNUGRIDE", "SPIVY", "SharpSploit", "SigLoader", "SinoChopper", "SodaMaster", "Sogu", "TIGERPLUG", "TVT", "Thoper", "Trochilus RAT", "UpperCut", "Vidgrab", "WinRAR", "WmiExec", "Wmonder", "Xamtrav", "Yggdrasil", "Zlib", "certutil", "certutil.exe", "cobeacon", "dfls", "lena", "nbtscan", "pivy", "poisonivy", "pwdump" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775490832, "ts_updated_at": 1775791958, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/ed7a317c62caedccfec32622a7c6b3f0650bfe2b.pdf", "text": "https://archive.orkl.eu/ed7a317c62caedccfec32622a7c6b3f0650bfe2b.txt", "img": "https://archive.orkl.eu/ed7a317c62caedccfec32622a7c6b3f0650bfe2b.jpg" } }