Ex-Verizon, Infosys Employee Researched U.S. Cyberattacks for China

A former Verizon employee has been sentenced to four years in prison after pleading guilty to conspiring to serve as an agent of the People’s Republic of China (PRC).

Ping Li, an IT worker living in Wesley Chapel, Florida, fed information to the Ministry of State Security (MSS), China’s civilian intelligence agency. That information touched on U.S.-based pro-democracy advocates, as well as his employer and U.S.-focused "hacking events." Notably, MSS asked Li for information about the 2020 SolarWinds supply chain attack.

A U.S. citizen who came to the U.S. from China, Li worked as a software engineer at Verizon for more than 26 years, and then has been a software engineer at Infosys since 2018.

In addition to the prison sentence, Li has been ordered to pay a $250,000 fine.

The FBI investigated the case against Li.

According to Recorded Future, China’s government has focused on breaching telecommunications companies around the world. This includes breaches by the Chinese hacking group Salt Typhoon of Verizon, AT&T, Lumen Technologies and T-Mobile.

Ex-Verizon Employee Served As Cooperative Contact

According to the U.S. Department of Justice (DOJ), Li said he worked as a "cooperative contact" for the MSS starting as early as 2012. He acquired information about multiple c=subjects, including Chinese dissidents and members of a non-approved religous group called Falun Gong. He also shared information about his employer, communicating through online accounts and also traveling to the People's Republic of China.

Related:Salt Typhoon Reportedly Hacks AT&T, Verizon, Lumen

The former Verizon employee also provided the MSS with information obtained from his employer. He used a variety of anonymous online accounts to communicate with the MSS, and traveled to the China to meet with the MSS, according to the DOJ.

The federal government linked the following activity to Li:

An MSS officer in March 2015 asked Li about Verizon branch offices in China, and Li provided the information three weeks later. The MSS in March 2017 asked Li for a training instruction plan, and Li in April said he had uploaded the materials. The agency in 2021 asked Li about hacking events that targeted U.S. businesses. That appears to be the attack that used the remote monitoring and management software company SolarWinds as a trojan horse into multiple U.S. companies and government agencies. Li reportedly responded with information within four days.

Then in March 2022 the MSS asked Li about his employer Infosys and its cybersecurity training, and Li complied. Infosys works with multiple large private and public customers, including the National Institute of Environmental Health Sciences, the Defense Health Agency and the Federal Acquisition Service.

Lastly, MSS in June 2022 asked about a PRC resident that had fled to the U.S., and Li provided information about that person's suspected residential address.