A hacking duo accused of being "on call" for the Chinese government's Ministry of State Security has been indicted in the US for targeting an Australian defence contractor and solar energy engineering company.
Li Xiaoyu, 34, and Dong Jiazhi, 33, allegedly stole approximately 320 gigabytes of documents, source code, engineering schematics and technical manuals from the defence contractor.
Li and Dong also conducted surveillance on US biotech firms working on COVID-19 vaccines and businesses in the UK, Japan, Belgium, Germany, Sweden, Lithuania, the Netherlands, Spain and South Korea, according to US prosecutors.
"These intrusions are yet another example of China's brazen willingness to engage in theft through computer intrusions contrary to their international commitments," US Assistant Attorney General John Demers told reporters in Washington DC.
The hacking allegations against the Australian defence contractor, solar engineering company and other firms, governments and individuals are contained in a 27-page federal grand jury indictment.
The Australian Signals Directorate, Australian Cyber Security Centre and the foreign affairs and home affairs departments said in a statement on Wednesday it was a concerning compromise of networks "for commercial and personal gain".
"Of particular concern, these individuals also reportedly targeted COVID-19 research as well as political dissidents, religious minorities and human rights advocates," the agencies said.
"Australia reiterates our call to all countries to refrain from behaviour which violates their international commitments.
"We welcome actions designed to hold malicious cyber actors to account."
Li and Dong, both nationals and residents of China, were classmates at an electrical engineering college in Chengdu, China.
The FBI has released wanted posters for the two men.
The 11-count indictment alleges their hacking campaign lasted more than 10 years and involved terabytes of data.
They stole "hundreds of millions of dollars" in trade secrets and intellectual property from companies and targeted individual dissidents, clergy, and democratic and human rights activists in Hong Kong, China and other parts of the world.
The identities of the Australian defence contractor and solar business were not disclosed in the indictment.
The defence contractor was allegedly hacked on April 18 last year and the solar business earlier this year.
Li and Dong face charges including conspiracy to commit computer fraud, conspiracy to commit theft of trade secrets and aggravated identity theft.