Chinese Hackers Indicted in US for Treasury Breach, Other Attacks
In a significant development, the US Department of Justice has indicted 12 Chinese nationals, including two high-ranking officials from the Ministry of Public Security, for their involvement in a series of sophisticated hacking attacks that targeted various victims across the globe. The alleged hackers, who were allegedly backed by the Chinese government, used advanced techniques to breach email accounts, cell phones, servers, and websites between 2016 and 2023.
The indictment, which was announced on Wednesday, names eight employees of a Chinese company called Anxun Information Technology Co. Ltd, also known as i-Soon, along with two Ministry of Public Security officers. The victims allegedly targeted by the hackers include US-based Chinese dissidents, foreign ministries of several Asian countries, religious organizations, and additional US federal and state government agencies.
"For years, these 10 defendants --- two of whom we allege are (People's Republic of China - PRC) officials -- used sophisticated hacking techniques to target religious organizations, journalists, and government agencies, all to gather sensitive information for the use of the PRC," said acting US Attorney Matthew Podolsky in a statement. The Justice Department alleged that the private Chinese hackers were paid by the Chinese ministries of public security and state security to exploit specific victims.
In many cases, the hackers targeted vulnerable computers and then sold hacked information to the Chinese government. "In many other cases, the hackers targeted victims speculatively," the Justice Department said, identifying vulnerable computers and then selling hacked information to the Chinese government.
The Scope of the Attacks
The hacking targets allegedly included a religious organization that sent missionaries to China, an organization focused on promoting human rights and religious freedom in China, a Hong Kong newspaper, and the foreign ministries of Taiwan, India, South Korea, and Indonesia. Additionally, a separate indictment was unsealed against Yin Kecheng and Zhou Shuai, alleged members of hacker group "APT 27," also known as "Silk Typhoon."
"Yin, Zhou, and their co-conspirators exploited vulnerabilities in victim networks, conducted reconnaissance once inside those networks, and installed malware, such as PlugX malware, that provided persistent access," the Justice Department said. Between them, Yin and Zhou sought to profit from the hacking of numerous US-based technology companies, think tanks, law firms, defense contractors, local governments, health care systems, and universities, leaving behind a trail of millions of dollars in damages.
The Previous Sanctioning of Yin Kecheng
The United States had previously sanctioned Yin Kecheng in January for his alleged involvement in a hack of the US Treasury Department last year. According to US media outlets, then-Treasury secretary Janet Yellen and other senior Treasury officials were among those targeted.
The Reward Offered by the State Department
The State Department announced a reward of $10 million for information leading to the arrest of all 20 defendants, while also offering a separate reward of $2 million each for information leading to the arrest of Yin Kecheng and Zhou Shuai, who are believed to be in China.
China's Response
Several countries, notably the United States, have voiced alarm at what they say is Chinese-government-backed hacking activity targeting their governments, militaries, and businesses. Beijing has rejected these allegations, stating that it opposes and cracks down on cyberattacks.
Conclusion
The indictment of 12 Chinese nationals for their involvement in a series of sophisticated hacking attacks highlights the ongoing threat posed by state-sponsored hackers to global security. As the investigation continues, the US Department of Justice remains committed to tracking down those responsible and bringing them to justice.