US charges Chinese hackers over COVID-19 vaccine cyberattacks

Nation-state hackers from around the world have been looking to steal details about a vaccine for the coronavirus pandemic, US officials said.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
3 min read

Chinese hackers are being charged with allegedly stealing COVID-19 vaccine research, the Department of Justice said on Tuesday.

Bill Hinton Photography / Getty Images

The US Department of Justice is charging two Chinese hackers with cyberattacks intended to steal company secrets -- including against researchers working to develop a coronavirus vaccine. 

In court documents released Tuesday, the US accused Li Xiaoyu and Dong Jiazhi, two Chinese nationals who allegedly hacked on behalf of the Chinese government. The indictment says that the presumed hackers researched vulnerabilities in the networks of research firms known for working on COVID-19 vaccines. 

Prior to the pandemic, the two had been responsible for hacking businesses, gaming software makers, and pharmaceuticals and technology companies to steal their secrets, the indictment says. The Justice Department said the first attack was discovered in Hanford, Washington. Victims were in countries including the US, Australia, Belgium, Germany, Japan, the UK and South Korea. Prosecutors said the hackers had been stealing secrets since at least September 2009.

Watch this: Chinese hackers charged with allegedly stealing COVID-19 vaccine

Xiaoyu and Jiazhi stole "hundreds of millions of dollars' worth of trade secrets, intellectual property, and other valuable business information," prosecutors said. The targets also included defense contractors and information related to military satellite programs. 

The two would use known vulnerabilities that had not been patched, or newly-discovered security flaws provided by the Chinese government, according to the indictment. They would often steal passwords and continually access a network while remaining undiscovered.

"The scale and scope of the hacking activities sponsored by the PRC intelligence services against the US and our international partners is unlike any other threat we're facing today," FBI deputy director David Bowdich said at a press conference Tuesday. 

In May, the FBI said it was investigating hacking attempts from China against COVID-19 vaccine research centers. China isn't the only country looking to gain an advantage in the pandemic through cyberattacks. Officials from the UK, Canada and the US also have accused Russian hackers of attempts to steal information about a COVID-19 vaccine. 


US prosecutors charged Li Xiaoyu and Dong Jiazhi with a decades-long hacking campaign to steal intellectual property around the world.


To date, there have been more than 14 million confirmed COVID-19 cases globally, with 610,000 deaths. Infection rates are surging in the US, while countries that have stringently enforced social distancing and face mask policies have shown good results at keeping the outbreak in control. 

Researchers around the world are racing to develop a vaccine for the highly infectious disease, and the first country to release one would likely have global and financial advantages for years to come. On Tuesday, an Oxford University team said it had promising results with its coronavirus vaccine trials

The alleged hackers had targeted a Maryland biotech company that was researching a vaccine for COVID-19, as well as a Massachusetts company that had been working on developing treatments for the disease. Xiaoyu and Jiazhi also targeted COVID-19 treatment researchers in two California firms in February and May, said William Hyslop, a US attorney for the Eastern District of Washington.

While the indictment doesn't state whether the hackers obtained any of the crucial research, there's still worry that even an attempted cyberattack can affect vaccine development. John Demers, assistant attorney general for national security, said that researchers would still need to make sure that the targeted data wasn't manipulated during the process. 

"We are concerned that the hacking or even the attempted hacking of that information can slow down the research," Demers said. 

In addition, the hackers had helped the Chinese government spy on Chinese dissidents, including an organizer in Hong Kong, a former Tiananmen Square protester and two Canadian residents who pushed for liberating Hong Kong. 

Court documents show that the Chinese hackers had been responsible for stealing terabytes of data from technology companies in the US, including documents related to projects with the US Air Force and the FBI.

See also: Protect your Android phone from malware: 4 signs you have it, and what to do

Watch this: Russian hackers look to steal coronavirus vaccine info, TikTok tries damage control