Chinese Hackers Indicted In US For Treasury Breach, Other Attacks

The Justice Department has announced that 12 Chinese nationals, including two public security ministry officers, have been indicted for a series of hacking attacks on various targets in the United States and around the world. The indictment, which was unsealed on Wednesday, reveals that the hackers were paid by the Chinese ministries of public security and state security to exploit specific victims.

The alleged victims include US-based Chinese dissidents, the foreign ministries of several Asian countries, religious organizations, and additional US federal and state government agencies. Eight employees of a Chinese company called Anxun Information Technology Co. Ltd, also known as i-Soon, and two Ministry of Public Security officers were indicted in New York for involvement in the alleged hacking of email accounts, cell phones, servers, and websites between 2016 and 2023.

"For years, these 10 defendants — two of whom we allege are (People's Republic of China - PRC) officials — used sophisticated hacking techniques to target religious organizations, journalists, and government agencies, all to gather sensitive information for the use of the PRC," said acting US attorney Matthew Podolsky in a statement. "In many other cases, the hackers targeted victims speculatively," it added, identifying vulnerable computers and then selling hacked information to the Chinese government.

The Justice Department revealed that i-Soon charged the ministries of public and state security between $10,000 and $75,000 for each email inbox it successfully hacked. All 10 defendants remain at large and the State Department offered a reward of up to $10 million for information leading to their arrest.

Scope of the Hacking Campaign

The hacking campaign allegedly targeted various organizations, including:

  • A missionary organization
  • A group focused on promoting human rights and religious freedom in China
  • A Hong Kong newspaper
  • The foreign ministries of Taiwan, India, South Korea, and Indonesia

Additionally, the alleged hackers exploited vulnerabilities in victim networks, conducted reconnaissance once inside those networks, and installed malware, such as PlugX, that provided persistent access. Their targets included US-based technology companies, think tanks, law firms, defense contractors, local governments, health care systems, and universities.

Individuals of Interest

Two individuals of interest in the hacking campaign are alleged members of hacker group "APT 27," also known as "Silk Typhoon." Yin Kecheng and Zhou Shuai are believed to have exploited vulnerabilities in victim networks, conducted reconnaissance once inside those networks, and installed malware that provided persistent access.

The United States sanctioned Yin in January for alleged involvement in a hack of the Treasury Department last year. According to US media outlets, then-Treasury secretary Janet Yellen and other senior Treasury officials were among those targeted. The State Department announced a reward of $2 million each for information leading to the arrest of Yin and Zhou, who are believed to be in China.

Global Implications

Several countries, notably the United States, have voiced alarm at what they say is Chinese-government-backed hacking activity targeting their governments, militaries, and businesses. Beijing rejects the allegations, and has previously said it opposes and cracks down on cyberattacks.

The indictment highlights the growing concern about state-sponsored hacking campaigns and the need for international cooperation to address this issue. The US government's efforts to track down and prosecute Chinese hackers reflect its commitment to protecting national security and intellectual property interests.