Apt41 hackers, others charged in hacking, crypto-jacking, and ransomware global attacks; over 100 companies victimized 


Apt41 hackers and other cybercriminals are charged with computer crimes, including intellectual property (IP) theft, ransomware attacks, and crypto-jacking. 

According to the U.S. Department of Justice (DOJ), a federal grand jury in Washington D.C. charged seven international hackers with cybercrimes in three separate indictments in August 2019 and August 2020. 

Two Malaysian citizens, Zhang Horan and Tan Dailin have been charged in a 25-count indictment. Three Chinese nationals, Jiang Lizhi, Qian Chuan, and Fu Qiang are charged in a 9-count indictment. And two other Chinese nationals, Wong Ong Hua and Ling Yang Ching were charged in a 25-count indictment

Signup for the USA Herald exclusive Newsletter

Defendants used sophisticated and troubling cyber-criminal scheme

“The scope and sophistication of the crimes in these unsealed indictments are unprecedented. The alleged criminal scheme used actors in China and Malaysia to illegally hack, intrude and steal information from victims worldwide,” Michael R. Sherwin, Acting U.S. Attorney for the District of Columbia said in a statement.

 “As set forth in the charging documents, some of these criminal actors believed their association with the PRC provided them free license to hack and steal across the globe.  This scheme also contained a new and troubling cyber-criminal component, the targeting and utilization of gaming platforms to both defraud video game companies and launder illicit proceeds.”

The list of victims is extensive. The hackers have been linked to computer crimes that have impacted over 100 companies,  individuals, and organizations in the United States, South Korea, Singapore, Japan, Australia, and many other countries around the world. 

The defendants allegedly hacked software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

Five of the defendants are citizens of the People’s Republic of China (PRC), where they are living as fugitives. And one of the PRC hackers has allegedly boasted of his connections to the Chinese Ministry of State Security.

The DOJ is determined to neutralize malicious nation-state cyber activity

The computer crimes have been tracked using the threat labels Apt41 hackers, Barium, Winnti, Wicked Panda, and Wicked Spider. These labels were used in the theft of source code, software code signing certificates, customer account data, and valuable business information.  

The hackers were allegedly involved in racketeering and other crimes. This includes ransomware attacks and crypto-jacking, in which a group hacks into a victim’s computer to “mine” cryptocurrency. 

 “Today’s charges, the related arrests, seizures of malware and other infrastructure used to conduct intrusions, and coordinated private sector protective actions reveal yet again the department’s determination to use all of the tools at its disposal and to collaborate with the private sector and nations who support the rule of law in cyberspace,” Assistant Attorney General John C. Demers said.  “This is the only way to neutralize malicious nation-state cyber activity.”

The Malaysian connection 

Two defendants have been arrested in Malaysia, where they are currently being held for extradition. The two Malaysian businessmen are accused of conspiring with two of the Chinese hackers targeting the video game industry in the United States and abroad.

On Sept. 14, 2020, Malaysian authorities arrested the suspects in Sitiawan. The arrest warrants and the resulting seizure of hundreds of accounts, domain names, servers, and command-and-control (C2) web pages. These C2 or dead-drop web pages are used by the defendants to conduct their computer offenses. 

The U.S. Attorney’s Office for the District of Columbia, the National Security Division of the Department of Justice, and the FBI’s Washington Field Office jointly conducted an investigation into the online activities of Apt41 hackers and other cybercriminals.

Microsoft, Google, Facebook, and  Verizon Media provided investigative support to law enforcement agencies. The Cyber Division of the FBI worked on the case in conjunction with the Justice Department Office of International Affairs with the cooperation of Interpol.

A recent Interpol alert warns that online security measures are often more vulnerable than those in a brick-and-mortar workplace. And cyber-crime is increasing. Computer hacking criminals cause disruption, steal data, and generate off-the-book profits themselves globally.


Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.

Want to contribute a story? We also accept article submissions — check out our writer’s guidelines here.