Tags: DOJ Charges 12 Chinese Hackers in Global Cyber Espionage Scandal
The U.S. Department of Justice has charged 12 Chinese nationals, including two officers from China’s Ministry of Public Security (MPS), in connection with a global cyber espionage operation. The accused are alleged to have engaged in widespread hacking activities, targeting government agencies, dissidents, and private organizations on behalf of the Chinese government.
The indictment, unsealed in the Southern District of New York, details a sophisticated hacking scheme linked to Anxun Information Technology Co. Ltd., also known as i-Soon. The company, according to prosecutors, acted as a front for the Advanced Persistent Threat 27 (APT27), a notorious hacking collective allegedly operating under orders from the MPS and China’s Ministry of State Security (MSS).
Authorities say i-Soon conducted cyberattacks against a range of targets, including U.S.-based critics of the Chinese Communist Party, religious organizations advocating for human rights, foreign ministries in Asia, and multiple U.S. government agencies, including the Department of the Treasury.
“These charges should demonstrate that we will use all available tools to identify you, indict you, and expose your malicious activity for all the world to see,” said Bryan Vorndran, Assistant Director of the FBI’s Cyber Division.
The DOJ alleges that i-Soon was not only engaged in state-sponsored cyberattacks but also operated as a for-profit hacking service. Prosecutors say the company openly advertised hacking-for-hire services, offering access to compromised email accounts for fees ranging from $10,000 to $75,000. Investigators also found evidence that at least 43 intelligence bureaus in China purchased stolen data from i-Soon.
Among those charged in the indictment are Wu Haibo, CEO of i-Soon, who is accused of masterminding its cyber operations; Chen Cheng, the company’s COO; and MPS officers Wang Liyu and Sheng Jing, who allegedly oversaw espionage efforts. Also indicted were Yin Kecheng and Zhou Shuai, known by the alias “Coldface,” who are accused of hacking into U.S. Treasury systems.
Prosecutors say the operation ran from 2016 to 2023, with i-Soon using spear phishing and other cyber intrusion methods to infiltrate email accounts, cell phones, servers, and websites. The company allegedly amassed tens of millions of dollars through these illicit activities. Specific attacks outlined in the indictment include a distributed denial-of-service (DDoS) attack on a New York-based newspaper, the compromise of email accounts belonging to U.S. Defense Intelligence Agency employees, and the hacking of a large U.S. religious organization’s email servers.
The DOJ has seized i-Soon’s primary domain and dismantled several of its hacking infrastructure nodes. The U.S. State Department is offering a reward of up to $10 million for information leading to the arrest of the suspects, who remain at large in China.
Legal experts say the case marks one of the most significant crackdowns on Chinese state-sponsored hacking efforts to date. U.S. officials have vowed to continue pursuing cybercriminals linked to foreign governments.
“This is a clear message that no hacker, regardless of where they operate, is beyond the reach of justice,” a DOJ spokesperson said.
The defendants face multiple charges, including conspiracy to commit computer intrusions, wire fraud, and asset forfeiture related to their cyber operations. If convicted, they could face significant prison time.
Cute, I’m sure Beijing is quaking in its boots over some strongly worded indictments that will never actually result in an arrest.
These guys probably stole more secrets before breakfast than most companies protect in a year, and what’s the U.S. government’s big counter move? A press release and some un-cashable warrants. That’ll show ‘em! Meanwhile, the hackers are probably getting promotions and bonuses for a job well done.
The real takeaway here? If your cybersecurity strategy depends on hoping the DOJ eventually catches foreign operatives, you might as well start printing out your passwords and mailing them overseas yourself.