The United States Department of Justice (DOJ) has recently made a bold move against a significant cyber threat by issuing indictments against 12 Chinese nationals, which includes two officers from China’s Ministry of Public Security (MPS) and various employees of the Chinese technology firm i-Soon. This action is part of a broader effort to combat global cybercrime and safeguard critical U.S. infrastructure from foreign attacks.
The DOJ’s crackdown on cybercrime was showcased with the announcement of charges against Zhou Shuai, Yin Kecheng, and eight employees of i-Soon. These individuals are accused of participating in a hacking campaign that targeted crucial sectors like defense, healthcare, communications, and government agencies. Additionally, the U.S. government imposed sanctions on Zhou Shuai and his company, Shanghai Heiying Information Technology Company, for allegedly obtaining and selling sensitive data from U.S. infrastructure networks, posing a risk to national security and violating international cyber norms.
The indictments also shed light on China’s extensive hacker-for-hire operations, allegedly orchestrated by the MPS and Ministry of State Security. The collaboration between the DOJ, FBI, NCIS, and other departments helped uncover these cyber activities, which aimed at making profits through cyber intrusions either independently or on behalf of Chinese intelligence agencies. The targets included U.S. critics of the CCP, a religious organization, foreign ministries of Asian countries, and various American federal and state agencies.
The investigation revealed an intricate network of private companies in China engaged in state-sponsored hacking, operating to conceal the Chinese government’s involvement while stealing and selling information for profit. This approach not only violated privacy rights but also left numerous systems vulnerable to future attacks, posing a severe threat to global cybersecurity.
In a significant move, federal courts in the Southern District of New York opened indictments against eight i-Soon employees and two MPS officers for conducting cyberattacks over the years. The DOJ also seized i-Soon’s primary internet domain to disrupt the company’s activities. Acting U.S. Attorney Matthew Podolsky highlighted the severity of the charges, emphasizing the need to halt these state-sponsored hackers to safeguard national security.
The FBI has issued arrest warrants for the indicted individuals, who are currently at large. Furthermore, the Department of State’s Rewards for Justice program has offered a reward of up to $10 million for information leading to the identification or location of individuals engaged in malicious cyber activities on behalf of foreign governments. The named individuals include top officials and technical staff of i-Soon, along with MPS officers.
The targeted organizations, including a U.S. religious organization, news outlets critical of the CCP, and foreign ministries, indicate the breadth of the cyber intrusions orchestrated by i-Soon. Besides affecting the U.S., these attacks have global repercussions, raising concerns among international allies about China’s cyber operations.
In a separate indictment in the District of Columbia, two individuals were charged for their involvement in a decade-long hacking campaign linked to APT27. The U.S. government has issued rewards for information leading to their arrests, emphasizing the commitment to holding Chinese hackers accountable and urging China to stop protecting these cybercriminals.
As cyber threats evolve, experts stress the importance of proactive measures by governments to address vulnerabilities and hold malicious actors responsible. The recent indictments mark a significant milestone in combating state-sponsored cybercrime, underscoring the U.S.’s stance against foreign-backed hacking activities.