US Charges 12 Chinese Hackers and Officials, Offers $10M in Rewards

US Charges 12 Chinese Hackers and Officials, Offers $10M in Rewards

The United States has charged 12 alleged state-backed Chinese hackers and officials with offenses related to accessing the email accounts of Chinese dissidents and foreign governments agencies, including the U.S. Department of the Treasury. The charges were announced by the Department of Justice on Wednesday, offering a total of $10 million in rewards for information leading to their capture.

The accused hackers allegedly gained access to the data of dissidents and foreign governments to sell to Chinese officials. They were part of a Chinese state-backed program that used freelance and private hackers to target Chinese dissidents living abroad and foreign government employees, including at the U.S. Treasury Department.

The program "employed an extensive network of private companies and contractors in China to hack and steal information in a manner that obscured" the Chinese government's role, according to a statement from the Department of Justice. From 2016 to 2023, hackers contracted by China's ministries of state security and public security were either directed to seek access to the accounts of selected targets or worked on their "own initiative" to target people they believed state officials would be interested in.

The two Chinese state ministries then allegedly paid the hackers between $10,000 and $75,000 for each account they wanted. The result of this largely indiscriminate approach was more worldwide computer intrusion victims, more systems worldwide left vulnerable to future exploitation by third parties, and more stolen information, often of no interest to China and therefore sold to other third-parties.

The statement identifies the charged hackers as employees of the "ostensibly private" Anxun Information Technology Co. Ltd., which operated publicly as "i-Soon." Also charged with hacking offenses were Ministry of Public Security officials Wang Liyu and Sheng Jing.

Targeting US Critical Infrastructure

The Treasury Department also announced sanctions against Zhou Shuai, a hacker who allegedly worked for another company that "acquired, brokered, and sold data from highly sensitive U.S. critical infrastructure networks." Zhou targeted telecommunications data, border crossing data, data on personnel in religious research, data on media industry personnel, and data on public servants.

The US State Department announced rewards of up to $10 million for information leading to the i-Soon hackers' arrests. The FBI released a public service announcement warning Americans about Beijing's alleged use of "freelance" hackers.

US Government Response

Laura Galante, the former director of cyber threat intelligence in the Office of the U.S. Director of National Intelligence, told a hearing of the U.S. House Select Committee on the Chinese Communist Party that Beijing's use of "private" hackers made it ultimately hard to target.

"These companies frequently change names. They alter their corporate structures. They take other steps to avoid scrutiny," Galante said. "This ecosystem - sometimes called 'hackers for hire' - of Chinese I.T. and cybersecurity contractors, remains largely intact and undeterred."

Chinese Government Response

Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, told Radio Free Asia that the Chinese government "has always firmly opposed and cracked down on all forms of cyber attacks." However, he dismissed the U.S. charges as part of "smear" against China.

"Cyberspace is highly virtual, difficult to trace, and has diverse actors. Tracing the source of cyber attacks is a complex technical issue," Pengyu said, calling for claims to be made based only on "sufficient evidence rather than groundless speculation and accusations."