US: Here's How China Has Been Paying Contract Hackers To Steal Data

The United States government has accused the Chinese government of engaging in a widespread hacking campaign, using contract hackers to infiltrate US networks and steal sensitive data. On Wednesday, the Justice Department announced charges against 12 Chinese nationals, including two high-ranking officials, for their roles in these state-sponsored hacks.

According to federal officials, China's Ministry of Public Security and Ministry of State Security have been paying employees and freelancers at a local cybersecurity company called "i-Soon" to conduct cyber espionage. By tapping into the services of contract hackers, the Chinese government can obscure its involvement in these activities, making it more difficult for law enforcement agencies to track down the perpetrators.

The charges come just over a year after documents were leaked from i-Soon, revealing that the company had ties to China's state-sponsored hacking groups. These leaks provided further evidence of i-Soon's role in China's cyber espionage efforts, which have been ongoing for years.

"For years, these 10 defendants – two of whom we allege are PRC officials – used sophisticated hacking techniques to target religious organizations, journalists, and government agencies," said Acting US Attorney Matthew Podolsky for the Southern District of New York. "They used these hacks to gather sensitive information for the use of the PRC."

The hackers not only stole data but also profiled US-based critics of the Chinese government, including American citizens. In return, i-Soon and its employees generated tens of millions of dollars in revenue, with China paying them generously.

In some cases, i-Soon conducted computer intrusions on its own initiative and then sold or attempted to sell the stolen data to at least 43 different bureaus of the MSS or MPS in at least 31 separate provinces and municipalities in China. The company charged these buyers between approximately $10,000 and $75,000 for each email inbox it successfully exploited.

To carry out its hacking operations, i-Soon often used spear-phishing emails designed to trick victims into installing malware. The company also built software tools to send phishing attacks to specific platforms and to guess the password for a user's online account.

Despite the charges, the Chinese nationals remain at large and are believed to be based in China, which refuses to extradite criminal suspects to the US. The FBI has placed all the suspects on its most wanted list and used a court order to seize internet domains tied to their hacking activities.

In a related case, the US has charged two other Chinese nationals, Yin Kecheng and Zhou Shuai, for being members of the APT 27 hacking group. Their activities date back to at least 2011, during which they allegedly stole data from numerous US companies and organizations with the goal of selling the information to the Chinese government.

The FBI's investigation has identified a series of accounts associated with Yin, indicating that he was behind the December 2024 breach of the US Treasury Department. In response, the FBI has placed Zhou Shuai and Yin Kecheng on its most wanted list and used a court order to seize internet domains and virtual private servers linked to their malicious activities.

The Treasury Department has also issued sanctions against both suspects, further demonstrating the extent of China's involvement in these hacking campaigns.