US Justice Department Charges 12 Chinese Nationals in Massive Cybersecurity Breach
The Department of Justice (DOJ) has announced charges against 12 Chinese nationals for their alleged involvement in a series of cyberattacks targeting over 100 US organizations, including the Treasury Department. The attacks, which date back to 2013, were reportedly carried out independently or under the direction of China’s Ministry of Public Security (MPS) and Ministry of State Security (MSS).
Among the accused are two MPS officers, eight employees of a company called i-Soon, and two members of the hacking group APT27, also known as Silk Typhoon. The indictment reveals a complex network of state-sponsored and private hacking activities that have caused significant damage to US interests.
i-Soon, described as an “ostensibly private” Chinese company, is at the center of the allegations. The firm allegedly developed sophisticated hacking tools capable of infiltrating popular platforms such as Gmail, Microsoft Outlook, Twitter, and X. Additionally, i-Soon created a “Public Opinion Guidance and Control Platform” for monitoring overseas public opinion.
The company’s activities reportedly generated tens of millions of dollars as part of China’s hacker-for-hire ecosystem. i-Soon conducted cyber intrusions at the behest of the MSS or MPS, as well as independently, selling stolen data to various bureaus. The firm charged between $10,000 and $75,000 for each successfully exploited email inbox and provided hacking training to MPS employees.
Silk Typhoon, the hacking group linked to two of the defendants, is known for targeting healthcare systems, universities, and IT infrastructure. The group was implicated in the Treasury hack reported in late December and has caused millions of dollars in damages to US-based organizations across various sectors.
Other victims of these cyberattacks include two New York newspapers, the US Department of Commerce, and the Defense Intelligence Agency. The scale and scope of the breaches highlight the ongoing cybersecurity challenges faced by both public and private entities in the United States.
As none of the defendants are currently in custody, the US government is offering substantial rewards for information leading to their identification and arrest. Up to $10 million is available for details on i-Soon’s cyber activities, with additional rewards of up to $2 million each for information leading to the arrests and convictions of Yin Kecheng and Zhou Shuai, the two Silk Typhoon members.
This case underscores the persistent threat of state-sponsored cyberattacks and the intricate relationships between government agencies and private hacking entities in China. As investigations continue, the incident serves as a stark reminder of the need for enhanced cybersecurity measures and international cooperation in combating digital threats.
