DOJ Charges 12 Chinese Hackers in Global Cyber Espionage Scandal

Apr 6, 2025 | Business Fraud, Cyber Fraud, Financial and Crypto Fraud Schemes, Financial Fraud


The U.S. Department of Justice has charged 12 Chinese nationals, including two officers from China’s Ministry of Public Security (MPS), in connection with a global cyber espionage operation. The accused are alleged to have engaged in widespread hacking activities, targeting government agencies, dissidents, and private organizations on behalf of the Chinese government.

The indictment, unsealed in the Southern District of New York, details a sophisticated hacking scheme linked to Anxun Information Technology Co. Ltd., also known as i-Soon. The company, according to prosecutors, acted as a front for the Advanced Persistent Threat 27 (APT27), a notorious hacking collective allegedly operating under orders from the MPS and China’s Ministry of State Security (MSS).

Authorities say i-Soon conducted cyberattacks against a range of targets, including U.S.-based critics of the Chinese Communist Party, religious organizations advocating for human rights, foreign ministries in Asia, and multiple U.S. government agencies, including the Department of the Treasury.

“These charges should demonstrate that we will use all available tools to identify you, indict you, and expose your malicious activity for all the world to see,” said Bryan Vorndran, Assistant Director of the FBI’s Cyber Division.

The DOJ alleges that i-Soon was not only engaged in state-sponsored cyberattacks but also operated as a for-profit hacking service. Prosecutors say the company openly advertised hacking-for-hire services, offering access to compromised email accounts for fees ranging from $10,000 to $75,000. Investigators also found evidence that at least 43 intelligence bureaus in China purchased stolen data from i-Soon.

Among those charged in the indictment are Wu Haibo, CEO of i-Soon, who is accused of masterminding its cyber operations; Chen Cheng, the company’s COO; and MPS officers Wang Liyu and Sheng Jing, who allegedly oversaw espionage efforts. Also indicted were Yin Kecheng and Zhou Shuai, known by the alias “Coldface,” who are accused of hacking into U.S. Treasury systems.

Prosecutors say the operation ran from 2016 to 2023, with i-Soon using spear phishing and other cyber intrusion methods to infiltrate email accounts, cell phones, servers, and websites. The company allegedly amassed tens of millions of dollars through these illicit activities. Specific attacks outlined in the indictment include a distributed denial-of-service (DDoS) attack on a New York-based newspaper, the compromise of email accounts belonging to U.S. Defense Intelligence Agency employees, and the hacking of a large U.S. religious organization’s email servers.

The DOJ has seized i-Soon’s primary domain and dismantled several of its hacking infrastructure nodes. The U.S. State Department is offering a reward of up to $10 million for information leading to the arrest of the suspects, who remain at large in China.

Legal experts say the case marks one of the most significant crackdowns on Chinese state-sponsored hacking efforts to date. U.S. officials have vowed to continue pursuing cybercriminals linked to foreign governments.

“This is a clear message that no hacker, regardless of where they operate, is beyond the reach of justice,” a DOJ spokesperson said.

The defendants face multiple charges, including conspiracy to commit computer intrusions, wire fraud, and asset forfeiture related to their cyber operations. If convicted, they could face significant prison time.

4 Comments

  1. Kelly O

    Cute, I’m sure Beijing is quaking in its boots over some strongly worded indictments that will never actually result in an arrest.

    These guys probably stole more secrets before breakfast than most companies protect in a year, and what’s the U.S. government’s big counter move? A press release and some un-cashable warrants. That’ll show ‘em! Meanwhile, the hackers are probably getting promotions and bonuses for a job well done.

    The real takeaway here? If your cybersecurity strategy depends on hoping the DOJ eventually catches foreign operatives, you might as well start printing out your passwords and mailing them overseas yourself.

  2. Jim Kelso

    For being hackers, they didn’t do a good job of covering up their tracks. Got comfortable and lazy and look what happened!!

  3. miguel hernadez

    Despite the serious nature of these allegations, it’s hard not to appreciate the audacity. While the U.S. Justice Department is offering up to $12 million in rewards for information leading to the capture of these individuals, it’s unclear whether the hackers are still operating or have moved on to more lucrative endeavors, like selling NFTs of their exploits.

  4. Gilda Sanders

    DOJ’s recent charges against 12 Chinese nationals for a decade-long cyberespionage campaign are both alarming and eye-opening. The fact that these hackers, allegedly linked to China’s Ministry of Public Security and Ministry of State Security, targeted over 100 organizations—including the U.S. Treasury Department—is a stark reminder of the evolving nature of cyber threats.

    It’s particularly concerning that private companies like i-Soon were reportedly involved, operating as hacker-for-hire outfits that sold stolen data to Chinese government agencies. This blurs the lines between state-sponsored and independent cybercriminal activities, making it even more challenging to defend against such threats.

    The use of sophisticated techniques like spear-phishing and supply chain attacks by groups such as APT27 (also known as Silk Typhoon) underscores the need for robust cybersecurity measures across all sectors. It’s a wake-up call for organizations to reassess their security protocols and for governments to enhance international cooperation in combating cybercrime.

    While the indictments are a step in the right direction, the fact that the accused remain at large highlights the complexities of enforcing cyber laws across borders. It’s imperative that we continue to develop strategies to deter such activities and protect our digital infrastructure.
