Chinese Hackers Indicted in US for Treasury Breach and Other Attacks

In a significant development, the United States Justice Department has indicted 12 Chinese nationals, including two high-ranking officials from the Ministry of Public Security, for a series of sophisticated hacking attacks that targeted various government agencies, non-governmental organizations, and individuals in the United States. The indictment was announced on Wednesday, revealing a complex web of hacking schemes that compromised sensitive information and caused significant damages.

The alleged hacks, which took place between 2016 and 2023, involved unauthorized access to email accounts, cell phones, servers, and websites of several prominent targets. These included US-based Chinese dissidents, foreign ministries of Asian countries such as Taiwan, India, South Korea, and Indonesia, religious organizations, and additional federal and state government agencies.

According to Acting US Attorney Matthew Podolsky, the 10 defendants, two of whom are alleged to be People's Republic of China (PRC) officials, used advanced hacking techniques to target these victims, gathering sensitive information for the benefit of the PRC. In some cases, the hackers were paid by the Chinese ministries of public security and state security to exploit specific victims, while in others, they targeted victims speculatively, identifying vulnerable computers and selling hacked information to the Chinese government.

"The defendants used sophisticated hacking techniques to target religious organizations, journalists, and government agencies, all to gather sensitive information for the use of the PRC," Podolsky said. "In many other cases, the hackers targeted victims speculatively, identifying vulnerabilities in victim networks, conducting reconnaissance once inside those networks, and installing malware that provided persistent access."

The hacking targets allegedly included a religious organization that sent missionaries to China, an organization focused on promoting human rights and religious freedom in China, a Hong Kong newspaper, and several foreign ministries. A separate indictment was also unsealed against two alleged members of the hacker group "APT 27," also known as "Silk Typhoon."

Yin Kecheng and Zhou Shuai, who are believed to be in China, exploited vulnerabilities in victim networks, conducted reconnaissance once inside those networks, and installed malware that provided persistent access. Between them, Yin and Zhou sought to profit from the hacking of numerous US-based technology companies, think tanks, law firms, defense contractors, local governments, health care systems, and universities, leaving behind a trail of millions of dollars in damages.

The United States sanctioned Yin in January for alleged involvement in a hack of the Treasury Department last year. According to reports, then-Treasury Secretary Janet Yellen and other senior Treasury officials were among those targeted.

The State Department announced a reward of $2 million each for information leading to the arrest of Yin and Zhou, who are believed to be in China. The US government has voiced alarm at what it sees as Chinese-government-backed hacking activity targeting its governments, militaries, and businesses.

However, Beijing rejects these allegations, stating that it opposes and cracks down on cyberattacks.

A Wake of Damage

The alleged hacking schemes have left a significant wake of damage, with millions of dollars in losses and sensitive information compromised. The US government has offered a reward of up to $10 million for information leading to the arrest of the 20 defendants who remain at large.

The indictment highlights the ongoing threat posed by Chinese hackers to global cybersecurity, as well as the need for increased cooperation between governments to combat this threat. As one cybersecurity expert noted, "Cybercriminals are targeting drivers with fake toll fee SMS scams" - a reminder that cyber threats are becoming increasingly sophisticated and widespread.

Conclusion

The indictment of Chinese hackers in the United States marks a significant development in the ongoing battle against cybercrime. While the US government has taken steps to combat this threat, more needs to be done to ensure that global cooperation increases and that those responsible for these attacks are held accountable.