12 Chinese Hackers Charged with US Treasury Breach — and Much, Much More
The Department of Justice has made a significant move against a group of 12 Chinese nationals accused of conducting a series of devastating cyberattacks on over 100 US organizations, including the US Treasury. The alleged cybercrimes date back to 2013 and have left a trail of destruction in their wake.
A String of Attacks Spanning Decades
The Department of Justice (DOJ) alleges that the group of hackers carried out the attacks either on their own or at the behest of China's Ministry of Public Security (MPS) and Ministry of State Security (MSS). The allegations are serious, with the DOJ accusing the individuals of carrying out their attacks for financial gain.
According to the government's indictment, two of the alleged hackers are officers of the MPS, while eight others work for an "ostensibly private" Chinese company called i-Soon. This company allegedly had the capability to hack into Gmail and Microsoft Outlook inboxes, as well as Twitter and X (formerly known as Tumblr), using the latter tool to monitor public opinion overseas.
The "Public Opinion Guidance and Control Platform"
The DOJ has dubbed this tool the "Public Opinion Guidance and Control Platform," highlighting its potential for widespread surveillance and control. The indictment alleges that i-Soon used this platform to guide the Chinese government's efforts to shape public opinion on various issues.
A Group of Hackers with a Broad Reach
The group, known as APT27 or Silk Typhoon, has been behind numerous high-profile hacks in the past. According to recent Microsoft research, they have focused their attention on IT systems that include management software. This includes the Treasury hack reported in late December.
Motivated by Money, Not Ideology
The DOJ alleges that the hackers were motivated by financial gain, stating that the "MPS and MSS paid handsomely for stolen data." The alleged hackers generated tens of millions of dollars in revenue as part of China's hacker-for-hire ecosystem.
i-Soon: A Key Player in China's Cybercrime Economy
i-Soon and its employees, including the defendants, have been accused of conducting cyberattacks on behalf of the MSS or MPS. In some instances, they conducted intrusions at the request of these agencies, while in others, they operated independently to sell stolen data.
A Complex Network of Hacking Operations
i-Soon also trained MPS employees to hack independently and offered a variety of hacking methods for sale to its customers. The defendants' motivations were financial, and as such, they targeted a wide range of victims, rendering systems vulnerable beyond their initial pilfering of data.
Millions of Dollars in Damages
Between them, Yin Kecheng and Zhou Shuai (two Silk Typhoon members) sought to profit from the hacking of numerous US-based technology companies, think tanks, law firms, defense contractors, local governments, healthcare systems, and universities. Their actions have left millions of dollars in damages in their wake.
A Rewards Program for Information
The US government is offering as much as $10 million for information that helps identify any individuals accused of directing or carrying out "i-Soon's malicious cyber activity." Additionally, the government is offering up to $2 million each for information leading to the arrests and convictions of malicious cyber actors Yin Kecheng and Zhou Shuai.
No Arrests Yet, But Justice May Be on the Horizon
None of the defendants is currently in custody. However, with this latest development, it's clear that law enforcement agencies are taking these allegations very seriously. As the investigation continues, it remains to be seen whether any of those accused will face justice.