US Charges 12 Chinese Nationals for Hacks into Government Systems

The U.S. Justice Department has unsealed sweeping charges against 12 Chinese nationals for their roles in hacking activities that have targeted U.S. federal and state systems on behalf of Beijing's intelligence services over the past several years.

Eight of the people charged are employees of i-Soon, a Chinese cybersecurity firm that made headlines last year after a leak of documents revealed the company's extensive efforts to break into foreign governments' computer systems at the direction of the Chinese government. The allegations state that these individuals compromised email accounts, cell phones, servers, websites, and IT supply chains to steal sensitive data from targets.

Two other people charged in connection with i-Soon are officers in Beijing's Ministry of Public Security, according to the Justice Department's allegations. A separate pair among those charged is affiliated with Silk Typhoon, a group recently found to have infiltrated Treasury Department networks and compromised some of the agency's most sensitive systems.

One of those people, Yin Kecheng, was sanctioned in January. The charges also list several i-Soon victims, including the Defense Intelligence Agency and Department of Commerce, targeted in 2017 and 2018, respectively. Other targets of i-Soon include the foreign ministries of Taiwan, South Korea, Indonesia, and India, as well as several U.S.-based organizations.

A court-authorized seizure of the website domains used to advertise i-Soon's services was issued Tuesday, documents show. The Silk Typhoon unit accessed Treasury systems late last year, including its sanctioning and assets control offices, as well as the Committee on Foreign Investment in the U.S. and former Treasury Secretary Janet Yellen's computer.

Across the board, the hackers compromised email accounts, cell phones, servers, websites, and IT supply chains to steal sensitive data from targets. They exploited unknown vulnerabilities, deployed malware, and stole credentials through phishing schemes. Once inside a network, the cyberspies conducted reconnaissance, moved laterally, and exfiltrated data to sell, often to Chinese government agencies.

For instance, i-Soon would charge between $10,000 and $75,000 for each successfully hacked email account, according to DOJ reports.

"Today, we are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed," said Sue Bai, who heads DOJ's National Security Division. "We will continue to fight to dismantle this ecosystem of cyber mercenaries and protect our national security."

Entities like i-Soon make up a vast nexus of contracted hacking firms employed by the Chinese government. China has largely been deemed the top U.S. cyber adversary by current and former officials.