Two hackers sought by the FBI on suspicion of spying for the Chinese government also targeted a Belgian company, according to the federal Computer Crimes Unit.
The two men, Li Xiaoyu and Dong Jiazhi, are currently at large. They have meanwhile been indicted for industrial espionage, having stolen business secrets from the computer systems of US companies – and one unnamed company in Belgium.
The technique used to gain access is known as a Trojan Horse or trojan. The hacker sends a message to a user of the targeted system, framed in such a way as to encourage them to open it. In a parody of security, the message is encrypted, but the mail contains a key to decrypt it.
When the key is opened, the message installs a piece of malware on the computer, which then allows the hacker access to the entire system.
The US Justice Department thinks the two men have been active since 2009, stealing information from US companies in the software, defence, gaming, and biotech sectors. They were only discovered after hacking into a site of the Department of Energy.
According to Belgian MP Samuel Cogolati (Ecolo), the indictment also lists a Belgian company, but it cannot be named.
“The name is classified,” he told the RTBF. “On the other hand, we learn that it is a high-tech company which had 142 GB of documents stolen concerning its economic activities. The company is involved in highly specialised fluid dynamics research.”
The field has applications all the way from 3D gaming to the detonation of nuclear weapons. The Justice Department thinks they were looking for information on Covid-19 tests, treatments and vaccines – despite the fact that the victim companies were mainly attacked in the period between 2015 and 2019, before the pandemic started.
As well as stealing company and military intelligence, the pair are also accused of stealing information on Chinese dissidents abroad, among them a former Tiananmen Square protestor and a Christian priest.
Meanwhile the Brussels prosecutor’s office has opened a case regarding offences that date to 2018, although Olivier Bogaert of the federal Computer Crimes Unit says the hackers appear to have been busy on the company’s system since 2009.