Urn STAGES DISTATC? vUR SOUTAERY DISTXi RA YORI UNITED erRvES GY AMtRTER aut mua, qa ce. alk/n *Rowae, afkfe Cyn ayk/= “Alayou,* aik/a. “Codie Za ga11cM, ey afleia “Bucs oe ed couNe OME (Conapizacy to Commit Computer Tatrusione) Tae Grand Jury charges OvERVZEN 1, An alll times relevant Lo Uhis yams, ZANT TCR © afkja “alayor." (RE), afila “etwar,” sfefa Som, seodki lier," ana ZHANG SHILONG 14 L72), a/k/a “hesbed long," aikfa “Zhang Thuuwus,’ a/k/a “stveerp," the defendants, bolk of epuolic of dna (SCHR), won waze nazionily ef the People’s were memsara of a li ing in Ceina csown within ning 4 veraintent Threat 10 Lhe eyber neourity community aw Advan ag “led Apelle,” "ewint, " (hee SAPYLO Sromp"}4, STUN sstone Panda,” “MenuPasa,” From a: learn in ep shout 7006 ap Lo and ‘neludi wp, ameLeding ATT aR aL 2018, markers of the APTLG Cro 05," aff *Gadici Ver," adk/s *Afvu," efkefa “SUNK,” a/k/a "ALS ONe, a/k/a “Bavbellorg," a/k/a “yhsng Tange," and aHaNG 8 tendanls, conducted extensive samoaigus alga “creep,” s inte commuter wyetene, The defendants ff qlonal Maitai Seierse and Tevhnot ogy Tevelopnens moeked s, Chia, ané acsed in ceapany {"fuaylag Eaicai? sition with the Chinere Minigixy of Stale seeurinyts ‘Miawiin stare Security Buresr wed similar hacking tools 2. While the ADTLO Group a1 ung tacknigques over the course of ita deroarteut lag efenrer, vicLin se! acsion, und Moreowsr, the APTLO Groay vsiliged same of the sane ate i ate, faci Lilate, and ex DAP? da a depionation given in che eyber Individual or guomp taal uses sophfativated exploit vulnerabilitics in victim computer systems ana emp! and control symren te turget a mpeciLic nieistlain a pereistent presences au external ampaigas dure the conspivany, ukezely reflecting Lhe sera about 2EE6 aenf and sawelonting etfert, Som is Group's contie ne aleal lechmoloqice and up bo and inelyding f9 or about 2 otic infarration of value t the comupiracy. For cxample, 38 detailed husoir, the APTLO Granp wae engaged in at leas two computes intzusien canpaigss duck both aiming te wtval, aweng sthes dar, and soafldential buginese or cecaelegical a. viven, besdaning about 20s, mec 6 Gromp, including JEU HUR, a/k/s “Atwar," a/ieja SOW, TLORG, aflela ake: salayon,” a/k/a “ockiller," and ZmTEMe whacbeilong," a/k/a “Shang Wtangue,’ afk/s “Akwoexg," the defendants, engaged in an iatresion campaign to obteia Unenthorized accana te khe comp wp and eompucer networks of comercial ané defence tacknelesy conpanies and J.8. Government agencies in order to crea’ information ané duiu voncemisg & gunna: of Lechnalagies (the “Tecknology hetr Campasgn”} geci*feally, che APTLO Group cinnained Luau Lhe computers of uure than 45 such evhities haved in at leust 12 ptatey, ineluding Arizers, California, tnvectieut, Vorica, varysond, New York, Olio, Pemnaylyanin, vewes, Jkeh, virginia, ac$ Wiaconvin, ‘Through the ‘ecasology cheFr Campaign, the abrio dala and targered Group stele Hurdreds ol gigubyles of eensinive the comouzezs of victi companize involved in a diverse us comercial ackivicy, industries, and Lockuclogies, including avintion, pace ane sa! bechnology, manuzaclusing technology, gharmareutinal (eeknology, 21 and cay explecalion somouber und procuetien teekuolegy, conmmications Luvhno” ogy penvessor tecssoleny, and ma 7% bb, Becore, beqimaing at leart in oz abcul Zou, wenbara o£ the APTLY Group, tseluding ZeU and AUANG, engaged La an ion campaign Lo ohtain usauthorized access to the conguless and computer neLnozks of managed serves prowiders OMSPu") for burinerwes aad guvezanent= around the world {the ‘une ‘Tacft Cunpaign’}. ¥SPs are companies shat renotely uarage chair clienie! infowmacion technology Lafragcrvetnes, dneledil fort, atorage, nelworking, soneu-ting geoviding cony gupport. The APT: and Lalormation techno: velba in crdez to leverage the MEPS! netwarce to quin unauthorized avvees to the corputary and computer retwosks ether dala, intellects fente und gleal, stom property and qoneidentiul business dare on a global scale, vor ULzough the MSP Thef Campacgn, the APTLO C. . obtained unsuthovined access to Lhe compitera o* an USP that had ‘omiged the oifines in he southern DiuLelet ot Mew York ano sony gata of that USP and cercain of ite ¢ jants located in al least > couulvies, fnoluding Bears i, Canada, inl Cenwany, India, Japan, Sweden, Sviteerlund, che Maited Areb tre Tniued eaves. Thoge Enigaten, the Uniced «ingdom, and clients included compacios comprouis wee areay of conmereta: telanonmunications Lechnologia#, imelvcing panting avd tinane and sonstitey eleetzonics, tedical eqmipnent, yackaging, otecknoLogy manitauluzing, conwulliag, dealtheare sutemevive, oi] and gas caplovation, asd mining. od more Lie SeFLO Group compron: ial data bron these faan 4) compuzezy in ardes to sleal contice e Uniked SLatee Department of the Kuxy stun aston: anfornatde: ithe “Sawy"}, including the personally !éenrizishl of wore thus 100,000 Navy personel uo OF THE CONSPIRACY MEANE AND 10 novogy These cr sis deyes 6. Mavbess of Ube ABIIO Group, dnc! nding ZHU =k, a/k/s » ard water," afkfa “INE, © afk/a “Mayon, © afk/a *Gndkitler THEN obzilong," a/k/a “ubarg Tiangue, vacucoxp," the dofondacte, eagaged in the Collowang phages activity chasuzate ard ranaye Ube computes intrusions y TaefL Campaign, which 2re committed ducing che Tou seneva! Ly eamarizeé below a. Pixel, men techaigqu: known ae “spear priahiag’ co ispredues aalicious mpubers, Mebors of the } onze Laxgeredd se WAL, onded t sonupiracy pant castorined wd docurenks aud files that soalé eucreoliliownly ins! ualware if opened. In order to trick the ~acipicals of the Ip july pening the attachments of Lhe email upear phishing saat dastelled ths aalyare, fp purported to be veat fron legitimate emai. addvessen, vheu Li fact the emails were seat by nembass of the aonapicacy. Tn addition, the content of the: appearad to snamee of Lhe abcaeans consi mawaayes and the © be legitémate und contain iaiozstien of lacerern te Lhe yor-ed te pientin. Foe cxample, one spear prishl: LL a wishin company mule from aa ena (ienim 1} iovelwvea da cormni cats mology, when th priginuled trem a different account, which was meffllisted with ¥iohin-1 wad Legged in from a conmnier a Jay ntemet peoocel ("IP") wideeuu! Iecatad én Tianjin sr of th china enser the cont’ APYLO Group. That ema? l, satel ae) Lebim- way gent te amaleyors of arokhar wivtim company (4 the eubject Line “cr ve elicoptar suaufactuing, Antensa probloms,” a malicuvug mtororott Wurd attachment saned » aud stated che fe eida Loud ot Teutin . Lowing: coe the attavhed the tilew.? when che arcachent naec wan opened, walvare waa inslalled A Wetsdaus ck fou che computer ef viewim2 sar phiphing Ly and die o: omsils to open the alLachmerte without arousing suspicion #a Lo the cource of Lie snail or ins achvants b. nd, once a recipient ot a spear phishing acghtent ko the emad?, the attachment small upenes Rae 5 jnetulled malware oa the vierin's computer dea custem.ued varienta of 2 renate ding one Imow ay "Peisey Ivy” and key: 3, which ase programe that ¢ rengurce sonuegzed to the F Bach electronde devies or coupe imternst mus. be apaigned a unique ©? addcous 20 that rmunicationa seca us divected to Lu electronic deviee are route: computer keystrokes lo steal uaesniees and pasawords as Uke urer sand b of the vieLin systera tyood them. Tac malsare war pi counmécate with donsing thak were assigned wacenatical of compuless under the sentzel of manbers of the APIO allowing them ta waincain vielbility end persiswent kennte accawy Lo che conprouised computers ever the tress = Bouin Nome syerem Ta particu ar, the APYIO cious domalns, care fe providers vo hoa thele wal ingiudins & provider Iseted in the Son York, which ellewes rhe APT: walivious devains in Us 2 of omaeullon enamled weip genta). This a5 conuubexs undex the ARTIC Croup co trequeally end mapidly vhange Bae IF domaine wtheul ls addvesees usuociated with Uneir matic fae wulnare upatarn, providing ths APTLO Gzoup with opexnitonsl Flectbility and serulstence, aa well ay helping then avoid astect: yornnizng nelwozk security Eliters that mighs block ident Fie wel Ades: * cd, aftex the aulware wan aueveustclly ingtuLled. ap dewilouded aidistorsl malware and fools Uo compromived covpater vygzenn in order to furhace enpremige the viebin’s computer a. Keursk e the APTI0 Geoup had gaiaes mnguchovinad acueus te a vieLle’s conmters and ident of intexest on these vomputere, bio ASIA Grouy vollected fhe aelevant files and offiee Inforration Crow Une compzonived cé the atolen files and infornalion im weuputera and exfilt ancryplod archives Le conpnteze under their cuuleel. 5. Over the ccurue of the Techuology Thezt Camp: the defendanta and their couunugiranors auceoustully obteim wuuuthorized ueceus to ab Loust approxinately 3% compatery belonging to, anoag others, commercial and defense tecznoluyy conpanics and U.8. Covsenment aqeneles Tocaked in at leant wyleg of neneilive data and > 8 mundevds of 4! tates, und ot ancluding few at least information £2zom their coupules ayske the Jol lowing viecime a. deven companies involved in mviution, pac tectawlosy: acéfow wali b. three capa « nece corpaniny lavulved in mansfacturing 4 advanced elechrania syulcas and/or Lsbosatory analyt. ved in maritime Levkrology: productig nadine sdvinigleal ion jomal Aezonsn (oasa"} Godden Genser; and get propnielen Lshevanony, 9 the datend: 6. Im addition to Une above vicki eeiully obteines uaanthor! zed accu she coconap: tara belonging te ak leaul 2b other technolowy-related A companies involle uorg othe: Uniega, indsetrlal faerovy automation, vader techuclogy, off explocation, 4 ucice | massfacturing, Leemoleqy services, phi and computes peocennay technology, ae wall as the J.8. D Ensigy'¢ hewkaley ational Labo: The NYE Ihett Cungaigm Le Lo conduct the MS! ‘Thett Camgaign, membexs of cee APTIO © ding “i HOR, afafa Sntwar," aflfa “ON afhia “Ale, aykja “Oodki ler," and ZHAN SUTLONG, a/k/s specbeitoas," a/is/a “Rhuag Sanguo,” a/lfu “Abreemp," the