US Charges 12 Chinese Nationals in Vast Espionage and Cyber Intrusion Campaign

The US Department of Justice has charged 12 Chinese nationals, including government officials, for their roles in a decade-long cyber espionage campaign. The indictment reveals internal communications, hacking tools, and the business dealings of China’s hacker-for-hire ecosystem. The campaign included breaching the US Treasury, targeting government agencies, media outlets, and dissidents.

Mar 12, 2025 - 02:33

The United States Department of Justice has announced criminal charges against 12 Chinese nationals accused of conducting a decade-long cyber espionage campaign. The indictment details their involvement in breaching various global targets, including the US Treasury, and exposes the internal communications, tools, and business relationships within China’s hacker-for-hire ecosystem.

Key Findings from the Indictment

  • Targets and Scope: The accused allegedly targeted US federal and state agencies, foreign ministries across Asia, dissidents, media outlets critical of China, and notably, the US Treasury between September and December of last year.

  • Modus Operandi: The hackers, some employed by the Shanghai-based contractor i-Soon, allegedly conducted cyber intrusions for financial gain, selling stolen data to Chinese government agencies and third-party brokers.

  • Breaching the US Treasury: An internal Treasury report revealed that at least 400 PCs were compromised, and over 3,000 files were stolen.

  • Financial Motivations: Communications between the accused reveal personal ambitions, such as one hacker expressing his desire to “break into a big target” to afford a new car.

i-Soon and the Business of Cyber Espionage

The indictment sheds light on i-Soon, a contractor for China’s Ministry of State Security and Ministry of Public Security. The firm allegedly charged government clients between $10,000 and $75,000 per compromised email inbox, amassing tens of millions of dollars annually. Prosecutors say i-Soon worked with 43 different bureaus across 31 Chinese provinces.

i-Soon allegedly maintained a “zero-day vulnerability arsenal,” selling exploit kits and password-cracking tools. It also offered penetration testing products that were, in reality, designed for malicious hacking.

APT27 and the Silk Typhoon Threat

Two individuals linked to APT27 (also known as Silk Typhoon) were named in the indictment. They are accused of targeting defense contractors, think tanks, and other high-profile organizations. Their strategy included infiltrating subsidiaries of major companies to gain access to primary targets.

US Response and Future Actions

  • The US government has placed bounties ranging from $2 million to $10 million for information leading to the arrest of the accused.

  • Microsoft has issued a guide on Silk Typhoon’s hacking techniques, highlighting their exploitation of IT supply chains.

  • DOJ officials have condemned China’s lax oversight of its hacker-for-hire operations, calling them “reckless and indiscriminate.”

While the 12 accused individuals remain at large, the indictment underscores US efforts to expose and counteract China’s cyber operations.

