In a recent development, the Justice Department in the United States has announced charges against twelve Chinese nationals, including hackers, law enforcement personnel, and employees of a private hacking company. These individuals are implicated in a series of global cybercrime campaigns that targeted dissidents, news organizations, U.S. agencies, and universities. The charges shed light on the growing hacking-for-hire industry in China, where private companies and contractors are allegedly paid by the Chinese government to carry out cyber attacks on behalf of the state.
The indictments reveal the extent of cyber threats emanating from China, with notable incidents like the Salt Typhoon hack last year, which compromised the private communications of Americans, including government officials and public figures. One of the indictments focuses on eight leaders and employees of a hacking company called I-Soon, which is accused of engaging in a wide range of cyber breaches to suppress free speech, identify dissidents, and steal data. The founder of I-Soon, Wu Haibo, who was a member of the Green Army hacktivist group in China, is among those charged for overseeing hacking operations.
While previous reports on leaked documents from I-Soon primarily highlighted its activities targeting governments in countries like India, Taiwan, and Mongolia, the new revelations point to the company’s involvement in cyber attacks against Chinese dissidents, religious organizations, and media outlets based in the U.S. The indictment also implicates the company in targeting individual critics of China, the Defense Intelligence Agency, and a research university. The hackers working for I-Soon reportedly received tasks from China’s Ministry of Public Security, but also initiated attacks independently and attempted to sell stolen information to the government.
According to officials, I-Soon charged the Chinese government between $10,000 and $75,000 for each email inbox successfully hacked. Despite attempts to reach out to I-Soon representatives, the company has not responded to requests for comment. Meanwhile, the Chinese Embassy in Washington has dismissed the allegations as a “smear,” calling for a more evidence-based approach in characterizing cyber incidents.
Another indictment targets two Chinese hackers, Yin Kecheng and Zhou Shuai, who allegedly conducted a hacking campaign for profit, targeting U.S. technology companies, think tanks, defense contractors, and healthcare systems. The U.S. Treasury Department, which was among the victims of the hackers, disclosed a breach last year, describing it as a major cybersecurity incident. In response to this case, the Treasury Department has imposed sanctions, and the State Department has announced a reward of up to $2 million for information leading to the arrest of the hackers.
The activities of I-Soon and other private hacking contractors in China highlight the thriving industry of cyber espionage in the country, with a growing demand for overseas intelligence by Chinese state security. These private hackers-for-hire companies have reportedly infiltrated hundreds of systems outside China over the past two decades, selling stolen data to the Chinese authorities. The complex web of cyber threats originating from China underscores the need for enhanced cybersecurity measures and international cooperation to combat such malicious activities.
Overall, the charges brought against Chinese hackers and government officials in connection with cybercrime campaigns underscore the ongoing challenges posed by state-sponsored cyber attacks and the importance of strengthening defenses against such threats. The intricate nature of these cyber operations highlights the need for continued vigilance and collaboration among nations to safeguard against malicious cyber activities in an increasingly interconnected world.