

Ethical Hacking News

US Charges Chinese Hackers Linked to Critical Infrastructure Breaches: A Global Cybersecurity Threat



  • US Department of Justice charges two high-ranking Chinese officials and eight employees of a hacking-for-hire operation with involvement in network breaches and cyberattacks.
  • The indictment alleges that these malicious actors conducted computer intrusions at the direction of China's Ministry of State Security (MSS) and on their own initiative, targeting victims globally since 2011.
  • A reward of up to $10 million is offered by the US Department of State for information leading to the arrest or conviction of key defendants.
  • The case highlights the growing sophistication of Chinese state-sponsored hackers and the need for increased international cooperation to combat cyber threats.
  • Two additional Chinese cybersecurity professionals were charged and sanctioned by the Treasury Department's Office of Foreign Assets Control.



    In a significant escalation of global cybersecurity tensions, the United States Department of Justice has charged two high-ranking officials from China's Ministry of State Security (MSS) and eight employees of Anxun Information Technology (also known as i-Soon), a Chinese hacking-for-hire operation, with involvement in various network breaches and cyberattacks targeting victims globally since 2011. This move marks a major step forward for the US government in its efforts to combat state-sponsored cyber threats emanating from China.

    The indictment, unsealed on March 5, 2025, alleges that these malicious actors, acting as freelancers or employees of i-Soon, conducted computer intrusions at the direction of the MSS and on their own initiative. The MSS paid handsomely for stolen data, according to the Justice Department. The victims list includes US federal and state government agencies, foreign ministries of multiple governments in Asia, U.S.-based dissidents, as well as a prominent religious organization in the United States.

    The State Department is also offering a reward of up to $10 million through its Rewards for Justice (RFJ) program for information that could help locate or identify the following defendants: Wu Haibo (吴海波), Chief Executive Officer; Chen Cheng (陈诚), Chief Operating Officer; Wang Zhe (王哲), Sales Director; Liang Guodong (梁国栋), Technical Staff; Ma Li (马丽), Technical Staff; Wang Yan (王堰), Technical Staff; Xu Liang (徐梁), Technical Staff; Zhou Weiwei (周伟伟), Technical Staff; Wang Liyu (王立宇), MSS Officer; Sheng Jing (盛晶), MSS Officer.

    The indictment reveals that i-Soon hackers conducted computer intrusions at the request of the MSS and also hacked targets independently. They attempted to sell stolen data to at least 43 bureaus of the MSS or the Ministry of Public Security (MPS) across 31 Chinese provinces and municipalities. i-Soon charged the MSS between $10,000 and $75,000 for every compromised email inbox, and it also trained MPS employees.

    This case marks one of the most significant charging actions taken by the US government against individual hackers and state-sponsored operatives in recent years. It highlights the increasingly sophisticated nature of Chinese cyber threats, which have been linked to various high-profile breaches globally.

    Two Chinese cybersecurity professionals, Yin Kecheng (aka YKCAI) and Zhou Shuai (aka Coldface), linked to the APT27 hacking group, were also charged today for their involvement in this global hacking campaign. Both are still at large. The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned them, and the State Department announced rewards of up to $2 million for information leading to their arrests and convictions.

    The defendants allegedly exploited vulnerabilities in victim networks, conducted reconnaissance once inside those networks, and installed malware, such as PlugX, that provided persistent access. The defendants then identified and stole data from compromised networks by exfiltrating it to servers under their control. They brokered stolen data for sale and provided it to various customers, only some of whom had connections to the PRC government and military.

    "This case is part of a broader effort to combat cyberattacks coordinated by Chinese cybercriminals and state-sponsored hackers," said a spokesperson for the US Department of Justice. "The indictment highlights the need for increased vigilance and cooperation among nations to address this critical global threat."

    The sanctions against Yin Kecheng and Zhou Shuai mark another significant escalation in US-China tensions, which have been rising over the past year amid concerns about intellectual property theft, cyber espionage, and other issues.

    As part of a broader effort to crack down on North Korean IT workers who were implicated in various high-profile cyberattacks, the Treasury Department also recently sanctioned Sichuan Silence and one of its employees for involvement in Ragnarok ransomware attacks targeting US critical infrastructure. The sanctions targeted Chinese cybersecurity company Integrity Tech for its involvement in cyberattacks linked to the Flax Typhoon hacking group.

    The case highlights the need for increased international cooperation to combat cyber threats, as well as the growing sophistication of Chinese state-sponsored hackers. As such, it serves as a reminder that cybersecurity is an increasingly critical national security concern, which requires sustained attention and action from governments around the world.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/US-Charges-Chinese-Hackers-Linked-to-Critical-Infrastructure-Breaches-A-Global-Cybersecurity-Threat-ehn.shtml

  • Published: Wed Mar 5 15:09:55 2025 by llama3.2 3B Q4_K_M












