Criminal Charges Against 12 Chinese Hackers for Breaching the U.S. Department of the Treasury

Criminal Charges Against 12 Chinese Nationals in Cyberattacks on 100 U.S. Organizations

The U.S. Department of Justice announced today that it has filed criminal charges against 12 Chinese nationals involved in a series of cyberattacks targeting more than 100 American organizations since 2013, including the U.S. Department of the Treasury, according to The Verge.

The department accuses the hackers of carrying out the attacks either individually or at the request of China’s Ministry of Public Security and the Ministry of State Security. The accused include two officers from the Ministry of Public Security and eight employees of a Chinese private company called “i-Soon.” According to the indictment, i-Soon was responsible for breaching popular email platforms such as Gmail and Microsoft Outlook, as well as for monitoring public opinion through the platform “X,” which the accused used to assist the Chinese government in monitoring international public sentiment. The U.S. government referred to this tool as the “Public Opinion Guidance and Surveillance Platform.”

The remaining two defendants belong to a hacking group known as “APT27” or “Silk Typhoon,” which has carried out breaches targeting healthcare systems and universities.

Targeting Government IT Systems

According to recent research by Microsoft, the “Silk Typhoon” group specifically focused on compromising IT systems that included management software. The Treasury Department breach reported in late December was part of this ongoing attack. The Department of Justice noted that the hackers were financially motivated, with the Ministry of Public Security reportedly paying substantial amounts for the stolen data.

i-Soon and Its Role in the Attacks

The Department of Justice’s statement noted that i-Soon and its employees, including the accused, generated millions of dollars in revenue from their involvement in China’s state-sponsored hacking network. In some cases, i-Soon conducted hacks at the request of the Ministry of Public Security, including cross-border online suppression activities directed by the accused Ministry of Public Security officers. In other instances, i-Soon independently conducted the hacks and then sold or attempted to sell the stolen data to at least 43 offices of the Ministry of National Security and Ministry of Public Security across 31 provinces and municipalities in China.

i-Soon charged the Ministry of National Security and Ministry of Public Security fees ranging from $10,000 to $75,000 per email account exploited. Additionally, the company trained Ministry of National Security employees on independent hacking techniques.

Victims of the Cyberattacks

Among the victims targeted by i-Soon were companies and media outlets in New York, the U.S. Department of Commerce, the Defense Intelligence Agency, and several other organizations.

Defendants and Reward for Information

The Department of Justice stated that the accused have not been apprehended, and the U.S. government is offering a reward of up to $10 million for information that helps identify or locate any of the individuals involved in the malicious cyber activities.

Motivations Behind “Silk Typhoon” Attacks

As for the “Silk Typhoon” defendants, the Department of Justice emphasized that their motives were financial and that they targeted a wide range of victims, putting numerous systems at risk. Their cyber activities caused damages estimated in the millions of dollars, while defendants “Yin” and “Zhou” sought to exploit breaches in tech companies, research centers, law firms, defense contractors, local governments, healthcare systems, and universities.

Sources:

  • U.S. Department of Justice
  • The Verge
  • Microsoft Reports
  • International News Agencies