In a recent development, the Justice Department has brought charges against twelve Chinese individuals, including hackers, law enforcement personnel, and employees of a private hacking company, in connection with various cybercrime campaigns targeting dissidents, news organizations, U.S. agencies, and universities. The indictments shed light on a thriving hacking-for-hire ecosystem in China, where private companies and contractors are allegedly paid by the Chinese government to carry out cyber attacks on selected targets to benefit Beijing’s interests while providing cover for Chinese state security forces.
The U.S. government has been increasingly concerned about the sophisticated cyber threats emanating from China, exemplified by incidents such as the Salt Typhoon hack last year that granted Beijing access to private communications of Americans, including government officials and prominent figures. One of the indictments focuses on eight leaders and employees of the private hacking company I-Soon, founded in Shanghai in 2010, which stands accused of engaging in a range of computer breaches globally with the aim of stifling speech, identifying dissidents, and stealing data from victims. Wu Haibo, the founder of I-Soon and a former member of China’s Green Army hacktivist group, allegedly directed these hacking operations.
Previous reports based on leaked documents from I-Soon mainly highlighted the company’s targeting of governments in various countries but lacked details on its activities in the United States. However, the recent indictment reveals new information about I-Soon’s operations, including its targeting of Chinese dissidents, religious groups, and media outlets based in the U.S., as well as individual critics of China, the Defense Intelligence Agency, and a research university.
According to the indictment, some of the hacking activities were sanctioned by China’s Ministry of Public Security, while in other instances, the hackers acted independently and attempted to sell the stolen information to the government afterward. The indictment also alleges that I-Soon charged the Chinese government between $10,000 and $75,000 for each email inbox successfully breached.
Phone calls to I-Soon went unanswered, and the company did not immediately respond to requests for comment. A spokesperson from the Chinese foreign ministry denied the charges, labeling them as “hypocritical” and pointing to alleged U.S. cyberattacks on China. In a separate indictment, two other Chinese hackers were charged in connection with a for-profit hacking campaign targeting U.S. technology companies, defense contractors, and government agencies, including the U.S. Treasury Department, which confirmed a breach by Chinese actors late last year.
The Treasury Department imposed sanctions related to the hacking incident, while the State Department announced rewards for information leading to the apprehension of the defendants. I-Soon’s case is just one example of a broader industry in China, as highlighted in a previous AP investigation, where private hacking contractors operate to steal data for the Chinese government’s benefit. The demand for overseas intelligence by Chinese state security has fueled the growth of these hacking companies over the past two decades, enabling them to infiltrate systems beyond China’s borders.
The rise of China’s hacking industry dates back to the early days of the internet, when patriotic hackers offered their services to the Chinese Communist Party, in contrast to the anti-establishment sentiment prevalent among many coders. The recent indictment underscores the interconnected nature of China’s first-generation patriotic hackers, many of whom have transitioned into entrepreneurs doing business with the government for profit.
Despite facing challenges after the leak of I-Soon’s documents last year, the company remains operational, though it has downsized and relocated its office. The evolving landscape of cyber warfare and the intricate relationships between state actors and private hacking entities continue to pose significant challenges for cybersecurity experts and law enforcement agencies worldwide.