Justice Department Indicts Chinese Officials and Contractors Over Cyber Intrusion Campaign
The U.S. Department of Justice has taken significant action against a group of Chinese nationals, charging them with involvement in a sprawling cyber intrusion campaign that targeted victims around the world.
According to the indictment, 12 Chinese nationals, including officers of China's Ministry of Public Security and members of the hacking group APT27, have been charged for their alleged roles in the campaign. Among those charged are employees of Anxun Information Technology Co. Ltd., a Chinese contractor known as "i-Soon," which allegedly executed cyberattacks on behalf of government ministries while also selling stolen information for profit.
The malicious cyber actors, acting as freelancers or as employees of i-Soon, are alleged to have conducted computer intrusions both at the direction of China's Ministry of State Security and on their own initiative. Alleged victims included U.S. government agencies such as the Department of the Treasury, religious organizations, human rights groups, journalists, and the foreign ministries of multiple Asian nations.
The indictment alleges that i-Soon charged Chinese security agencies between $10,000 and $75,000 for each exploited email inbox, revealing a complex web of cybercrime that not only served state interests but also pursued independent profit motives. This led to a broader range of cyberattacks, with the hacker-for-hire ecosystem becoming increasingly lucrative.
Notably, the hacking group APT27 was also implicated in the activities detailed in the indictment. Members of APT27 are accused of engaging in long-term, profit-driven hacking schemes targeting U.S. technology companies, defense contractors, and healthcare systems, resulting in significant financial damages.
A Brief History of APT27
APT27, also known as Silk Typhoon, Emissary Panda, and LuckyMouse, has been identified in several cyber espionage campaigns in the past. In 2021, the group was linked to attacks exploiting vulnerabilities in Fortinet Inc. appliances to infiltrate U.S. municipal government systems.
Additionally, APT27 has been associated with the distribution of the PlugX malware, a tool used by alleged Chinese state-backed threat groups. This malware has been linked to numerous high-profile cyberattacks, highlighting the sophistication and reach of this hacking group.
A Response from the Justice Department
"The Department of Justice will relentlessly pursue those who threaten our cybersecurity by stealing from our government and our people," said Sue J. Bai, head of the Justice Department's National Security Division, in a statement.
"Today, we are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed," she added.
A Call to Action
In addition to the indictments, the U.S. Department of State's Rewards for Justice program has announced rewards of up to $10 million for information leading to the identification or location of the alleged Chinese cyber actors.
The idea is to encourage public assistance in bringing the named individuals to justice and deterring future cyberthreats. This effort highlights the importance of international cooperation in addressing the growing threat of state-sponsored cybercrime.