The United States has taken significant action against members of a prominent Chinese hacking group known as APT27, as well as government officials and employees of a cybersecurity company called i-Soon. The Department of Justice (DoJ) recently announced that eight i-Soon employees and two Ministry of Public Security (MPS) officers are being sought for their involvement in a hacking campaign that lasted from 2016 to 2023.
According to the DoJ, the hacking campaign conducted by these individuals targeted email accounts, mobile phones, servers, and websites. The DoJ alleges that i-Soon’s CEO Wu Haibo, COO Chen Cheng, and others within the company profited significantly from their hacking activities, either at the behest of the MPS or Ministry of State Security (MSS), or by selling compromised data to the Chinese government.
It has been reported that i-Soon charged the MPS and MSS substantial fees for each compromised email inbox, ranging from $10,000 to $75,000. Additionally, the company earned money by providing training to MPS employees. The targets of their hacking efforts included a large religious organization and multiple news organizations critical of the Chinese government.
The repercussions of these actions extend beyond i-Soon: the DoJ has also charged two members of APT27 for engaging in a long-standing, profit-driven hacking campaign that dates back to 2013. These individuals allegedly sold data to various buyers, including the Chinese government, with victims spanning US technology companies, think tanks, law firms, defense contractors, local governments, healthcare systems, and universities.
Assistant Director Bryan Vorndran of the FBI’s Cyber Division expressed concern over the Chinese Ministry of Public Security paying hackers-for-hire to target individuals critical of the Chinese Communist Party. He commended those who provided evidence of intrusions and emphasized the US government’s commitment to identifying and prosecuting malicious cyber activities.
In response to these actions, the US State Department has offered a reward of up to $10 million for information leading to the identification or location of the wanted i-Soon employees and $2 million each for information resulting in the arrests and convictions of APT27 actors Yin Kecheng and Zhou Shuai. Additionally, the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions against Yin for his alleged involvement in hacking activities targeting the agency in late 2024.
These charges and sanctions underscore the US government’s determination to combat cyber threats originating from China and hold individuals accountable for their involvement in cyber espionage and hacking operations. The investigations and legal actions serve as a reminder of the ongoing challenges posed by state-sponsored hacking and the importance of international collaboration in addressing cybersecurity threats.