The U.S. Department of Justice (DOJ) on Wednesday announced 12 Chinese nationals have been indicted in a global “hackers-for-hire” scheme to “inflict digital harm on Americans who criticize the Chinese Communist Party.”
Court documents unsealed on Wednesday accused China’s Ministry of Public Security (MPS) and Ministry of State Security (MSS) of directing and financing the hackers to “conduct computer intrusions against high-value targets in the United States and elsewhere.”
“Victims include U.S.-based critics and dissidents of the People’s Republic of China (PRC), a large religious organization in the United States, the foreign ministries of multiple governments in Asia, and U.S. federal and state government agencies, including most recently in 2024,” DOJ said.
“By employing these hackers-for-hire, the PRC government further allowed these same hackers to profit by committing additional computer intrusions around the world with impunity, and then to sell stolen data through Chinese data brokers,” DOJ added.
The first two Chinese nationals indicted in the case, Yin “YKC” Kecheng and Zhou “Coldface” Shuai, were allegedly linked to a state-sponsored Chinese hacking group known as APT27, “LuckyMouse,” or “Emissary Panda.”
The group has been active since 2010, with an early emphasis on cyber-espionage attacks against corporate and government systems in the Western world, the Middle East, and Taiwan. APT27’s later exploits included profitable cyber-crimes.
DOJ charged Yin and Zhou with “sophisticated computer hacking conspiracies that successfully targeted a wide variety of US.-based victims from 2011 to the present day,” inflicting “millions of dollars worth of damages.” Both Yin and Zhou have previously been named in multiple-count indictments for fraud, identity theft, and money laundering.
A second announcement from DOJ on Wednesday added indictments for two MPS officers and eight employees of an “ostensibly private” company called Anxun Information Technology Col. Ltd., also known as i-Soon.
“i-Soon and its employees, to include the defendants, generated tens of millions of dollars in revenue as a key player in the PRC’s hacker-for-hire ecosystem. In some instances, i-Soon conducted computer intrusions at the request of the MSS or MPS, including cyber-enabled transnational repression at the direction of the MPS officer defendants,” DOJ charged.
“In other instances, i-Soon conducted computer intrusions on its own initiative and then sold, or attempted to sell, the stolen data to at least 43 different bureaus of the MSS or MPS in at least 31 separate provinces and municipalities in China,” the indictment said.
The defendants were reportedly paid “handsomely” for their efforts by the Chinese intelligence agencies, which wanted to obscure its involvement in the cyber-crime wave by using mercenary third-party hackers. According to DOJ, i-Soon billed the MSS and MPS between $10,000 and $75,000 for each email inbox it penetrated, and was also paid to train MPS operatives in its hacking techniques.
In addition to attacking entities in the United States, i-Soon allegedly “targeted the foreign ministries of Taiwan, India, South Korea, and Indonesia.
The operation to disrupt the malicious activity of the 12 Chinese nationals was a joint effort between DOJ, Naval Criminal Investigative Services (NCIS), the State Department, and the Treasury Department. All 12 of the defendants are at large and wanted by the FBI.
The State Department’s Rewards for Justice (RFJ) program is also offering a reward of up to $10 million for information that helps identify or locate suspects who engage in “malicious cyber activities against U.S. critical infrastructure” while under the direction or control of foreign governments.
“The defendants in these cases have been hacking for the Chinese government for years, and these indictments lay out the strong evidence showing their criminal wrongdoing. We again demand that the Chinese government to put a stop to these brazen cyber criminals who are targeting victims across the globe and then monetizing the data they have stolen by selling it across China,” Interim U.S. Attorney for the District of Columbia Edward R. Martin Jr. said on Wednesday.
“As evidenced by today’s and previous announcements, China offers safe harbor for private sector companies that conduct malicious cyber activity against the United States and its partners,” State Department spokesperson Tammy Bruce said.
The Chinese Foreign Ministry on Thursday angrily rejected the indictments as “groundless” and claimed a Chinese “cybersecurity agency” has instead detected “two recent cyberattacks against Chinese high-tech companies launched by the U.S. intelligence community.”
“The U.S. is the Number One ‘hacking empire’ in the world. We call on the U.S. to ditch its double standards and stop framing China,” fumed Foreign Ministry spokesman Lin Jian.
Read the full article here
