US Charges Members of Chinese Hacker-for-Hire Group i-Soon

The United States has taken a significant step in combating cybercrime by charging members of the notorious Chinese hacking group APT27, alongside government employees and i-Soon staff, for their involvement in long-running arms-length hacking campaigns. The Department of Justice (DoJ) announced yesterday that eight i-Soon employees and two Ministry of Public Security (MPS) officers are wanted for a campaign that spanned from 2016 to 2023 and involved the widespread hacking of email accounts, mobile phones, servers, and websites.

The DoJ stated that these individuals made tens of millions of dollars as hackers for hire, either conducting computer intrusions at the request of the MPS or Ministry of State Security (MSS), or doing so on their own initiative and then selling any compromised data to Beijing. Cybersecurity company i-Soon allegedly charged the MSS and MPS $10,000-$75,000 for each compromised email inbox and also earned money training MPS employees.

The targets of these hacking campaigns included an unnamed "large religious organization" and "multiple news organizations" critical of the Chinese Communist Party (CCP). The scheme extended beyond i-Soon, with the DoJ claiming that the Chinese Ministry of Public Security has been paying hackers-for-hire to inflict digital harm on Americans who criticize the CCP.

"Today's announcements reveal that the Chinese Ministry of Public Security has been paying hackers-for-hire to inflict digital harm on Americans who criticize the Chinese Communist Party (CCP)," said assistant director Bryan Vorndran of the FBI's Cyber Division. "To those victims who bravely came forward with evidence of intrusions, we thank you for standing tall and defending our democracy. And to those who choose to aid the CCP in its unlawful cyber activities, these charges should demonstrate that we will use all available tools to identify you, indict you, and expose your malicious activity for all the world to see."

Separately, the DoJ charged two APT27 actors for a long-running for-profit campaign dating back to 2013. They allegedly hacked and sold data to multiple buyers, including the Chinese government. Among the victims were US technology companies, think tanks, law firms, defense contractors, local governments, health care systems, and universities.

Upping the stakes further, the US State Department issued a reward of up to $10m for information leading to the "identification or location" of the wanted i-Soon employees. The Department also announced a separate reward of $2m each for "information leading to the arrests and convictions" of APT27 actors Yin Kecheng and Zhou Shuai.

The Treasury's Office of Foreign Assets Control (OFAC) also announced sanctions against Yin for his alleged role in hacking the agency between September and December 2024. This move underscores the US government's commitment to taking action against those involved in cybercrime and its efforts to disrupt the operations of Chinese state-sponsored hackers.

The arrest of i-Soon employees and APT27 actors marks a significant development in the ongoing fight against Chinese cyber espionage. It highlights the need for increased cooperation between law enforcement agencies and cybersecurity companies to combat this threat and protect national security interests.