In a recent development that is sending shockwaves across the cyber world, 12 Chinese nationals have been indicted by several U.S. law enforcement agencies for their involvement in a series of cyber attacks targeting a wide range of entities, including government bodies, religious groups, media organizations, and international governments.
Among the accused individuals are two officers from China’s public security service, employees of a Chinese technology firm, and members of a notorious hacking group known as APT27, also referred to as Iron Tiger, Emissary Panda, LuckyMouse, TG-3390, and Bronze Union.
The Department of Justice, along with the FBI, the Naval Criminal Investigative Service, and the Departments of State and Treasury, revealed the charges against these cyber actors and connected them to operations conducted by China’s state security agencies.
Court documents indicate that the cyber attacks took place between 2016 and 2023, with the hackers gaining access to critical data through a series of computer intrusions. The stolen information was allegedly sold to Chinese government agencies for significant profits.
In a press release, the U.S. Department of Justice highlighted a key part of the investigation involving a private firm called i-Soon Information Technology. An indictment unsealed by a federal court in Manhattan accuses eight employees from i-Soon, along with two public security officers, of breaching various platforms, including email accounts, cell phones, servers, and websites.
Furthermore, the court has authorized the seizure of the main internet domain associated with the hacking group, which has been implicated in cyber activities targeting U.S.-based critics, a religious organization, and multiple news outlets.
Parallel indictments have been issued against members of the hacking group APT27, who have been active since at least 2013. These charges detail their efforts to infiltrate networks in various sectors such as technology firms, think tanks, law firms, and universities.
One notable incident mentioned in the indictments is a recent hack on the U.S. Treasury that occurred late last year, where rented virtual private servers played a crucial role. Investigators have taken down digital infrastructure linked to these operations in an attempt to dismantle the network.
The individuals named in the indictments hold different job titles within the hacking group, ranging from technical staff to chief executive officers and chief operating officers.
Law enforcement officials have stressed that these cyber attackers were not only state-sponsored operatives but also freelancers who operated through private companies. Their wide-ranging cyber activities have exposed numerous systems to further attacks, resulting in significant financial and reputational harm to the affected organizations.
In response to these cyber threats, U.S. authorities have offered substantial rewards for information leading to the identification or location of the accused individuals. One reward offers up to $10 million for details on specific individuals connected to the hacking network, while another program provides up to $2 million for information on other cyber actors operating from China.
The ongoing investigation and prosecution of these Chinese nationals involved in cyber attacks serve as a somber reminder of the constant threats faced by governments, organizations, and individuals in the digital age. The coordinated efforts of law enforcement agencies in combating cybercrime highlight the importance of cybersecurity measures in safeguarding sensitive information and infrastructure from malicious actors.