DOJ Charges 12 Chinese Nationals in Major Cyberattack Investigation
The Department of Justice (DOJ) has formally charged 12 individuals from China for their alleged involvement in cyberattacks targeting over 100 U.S. entities, including the Department of the Treasury. These attacks trace back to as early as 2013, reflecting a sustained campaign against a variety of organizations.
The charges indicate that these individuals conducted cyber operations independently and also acted under the directives of China’s Ministry of Public Security (MPS) and the Ministry of State Security (MSS). Among the accused, two are identified as officers of the MPS, while eight others are linked to a Chinese firm named i-Soon. This company is accused of possessing the technical expertise necessary to breach platforms like Gmail, Microsoft Outlook, and social media outlets, including Twitter and X. The DOJ refers to one of the company’s tools as the “Public Opinion Guidance and Control Platform,” which was purportedly used to assist the Chinese government in surveilling opinions abroad.
In addition, two of the defendants belong to a hacking group known as APT27, or Silk Typhoon, infamous for infiltrating various sectors, including healthcare and education. Recent findings from Microsoft have indicated that this group has intensified its focus on IT systems, particularly those related to management software, which were implicated in the recent hacking incident involving the Treasury.
The DOJ highlights that financial gain is a primary driver behind these cyber operations, stating, “MPS and MSS paid handsomely for stolen data.” Regarding i-Soon, the indictment details its role within China’s hacking ecosystem:
“i-Soon and its employees, including the defendants, amassed tens of millions in revenue as integral players in the hacker-for-hire domain within China. Occasionally, i-Soon executed cyber intrusions under the orders of the MSS or MPS, including activities aimed at transnational repression as instructed by MPS officers. In other cases, the company initiated cyberattacks autonomously, later attempting to sell the stolen information to 43 different MSS or MPS bureaus across 31 provinces and municipalities within China. They charged between $10,000 and $75,000 for each compromised email inbox and also provided hacking training to MPS personnel.”
On the topic of Silk Typhoon:
“The financial motivations of the defendants led them to conduct broad and indiscriminate attacks, which exposed victim systems to vulnerabilities far beyond the immediate theft of data. Key figures Yin and Zhou specifically targeted multiple U.S.-based technology firms, think tanks, law practices, defense organizations, local governments, healthcare institutions, and educational establishments, resulting in significant financial repercussions.”
Other notable victims of i-Soon’s hacking ventures include two newspapers in New York, the U.S. Department of Commerce, and the Defense Intelligence Agency, among others.
Currently, none of the individuals charged are in custody. To aid in the capture of those involved, the U.S. government is offering rewards of up to $10 million for information that helps identify individuals responsible for directing or executing i-Soon’s cyber activities. Additionally, rewards of up to $2 million are available for information leading to the apprehension and convictions of Yin Kecheng and Zhou Shuai, the two members of Silk Typhoon.
Source: www.theverge.com