U.S. Indicts 12 Chinese Nationals in 'Hackers-for-Hire' Conspiracy

The United States Department of Justice (DOJ) has announced the indictment of 12 Chinese nationals in a global "hackers-for-hire" scheme to "inflict digital harm on Americans who criticize the Chinese Communist Party." The indictment, unsealed on Wednesday, accuses China's Ministry of Public Security (MPS) and Ministry of State Security (MSS) of directing and financing the hackers to conduct computer intrusions against high-value targets in the United States and elsewhere.

The victims of this cyber-attack include U.S.-based critics and dissidents of the People's Republic of China (PRC), a large religious organization in the United States, the foreign ministries of multiple governments in Asia, and U.S. federal and state government agencies. The attackers allegedly targeted these entities as part of a broader campaign to "conduct computer intrusions against high-value targets in the United States and elsewhere," according to DOJ.

According to court documents, the hackers-for-hire were employed by China's intelligence agencies to conduct "computer intrusions around the world with impunity" and then sell stolen data through Chinese data brokers. This operation has resulted in millions of dollars' worth of damages and has had far-reaching consequences for U.S. critical infrastructure.

The Masterminds Behind the Hackers-for-Hire Scheme

The first two Chinese nationals indicted in this case, Yin "YKC" Kecheng and Zhou "Coldface" Shuai, are allegedly linked to a state-sponsored Chinese hacking group known as APT27, also known as "LuckyMouse" or "Emissary Panda." This group has been active since 2010, with an early emphasis on cyber-espionage attacks against corporate and government systems in the Western world, the Middle East, and Taiwan.

APT27's later exploits have included profitable cyber-crimes, such as hacking into email inboxes and selling stolen data to foreign governments. Yin and Zhou are charged with "sophisticated computer hacking conspiracies that successfully targeted a wide variety of U.S.-based victims from 2011 to the present day," inflicting millions of dollars' worth of damages.

The Role of Anxun Information Technology Co. Ltd.

A second announcement from DOJ on Wednesday added indictments for two MPS officers and eight employees of an "ostensibly private" company called Anxun Information Technology Co. Ltd., also known as i-Soon. This company allegedly generated tens of millions of dollars in revenue as a key player in the PRC's hacker-for-hire ecosystem.

i-Soon is accused of conducting computer intrusions at the request of the MSS or MPS, including cyber-enabled transnational repression at the direction of the MPS officer defendants. In other instances, i-Soon conducted computer intrusions on its own initiative and then sold, or attempted to sell, the stolen data to at least 43 different bureaus of the MSS or MPS in at least 31 separate provinces and municipalities in China.

The defendants were reportedly paid "handsomely" for their efforts by the Chinese intelligence agencies, which wanted to obscure their involvement in the cyber-crime wave by using mercenary third-party hackers. i-Soon allegedly billed the MSS and MPS between $10,000 and $75,000 for each email inbox it penetrated.

The Investigation and Response

The operation to disrupt the malicious activity of the 12 Chinese nationals was a joint effort between DOJ, the Naval Criminal Investigative Service (NCIS), the State Department, and the Treasury Department. All 12 of the defendants are at large and wanted by the FBI.

The State Department's Rewards for Justice (RFJ) program is also offering a reward of up to $10 million for information that helps identify or locate suspects who engage in "malicious cyber activities against U.S. critical infrastructure" while under the direction or control of foreign governments.

The Response from China

China has responded angrily to these indictments, claiming that they are "groundless" and stating that a Chinese "cybersecurity agency" has detected "two recent cyberattacks against Chinese high-tech companies launched by the U.S. intelligence community." The Chinese Foreign Ministry has also criticized the United States for its double standards, accusing it of framing China unfairly.

"The U.S. is the Number One 'hacking empire' in the world," said Foreign Ministry spokesman Lin Jian. "We call on the U.S. to ditch its double standards and stop framing China."