Ethical Hacking News
Twelve Chinese nationals have been charged by the U.S. government for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People's Republic of China's Ministry of Public Security, eight employees of an ostensibly private PRC company, and members of Advanced Persistent Threat 27. The charges expose the PRC's continued attempts to spy on and silence anyone it deems threatening to the Chinese Communist Party.
The U.S. Department of Justice has charged 12 Chinese nationals with participating in a hacking scheme targeting overseas critics of the PRC government. The scheme, operated by Anxun Information Technology Co. Ltd., aimed to steal data and suppress free speech and dissent globally. The company's tools were used to hack into email accounts, cell phones, servers, and websites, with revenue generated estimated in the tens of millions of dollars. The hacking operation was part of a broader PRC effort to spy on and silence critics of the Chinese Communist Party.
The U.S. Department of Justice (DoJ) has recently announced charges against 12 Chinese nationals, accused of participating in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People's Republic of China's (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private PRC company, Anxun Information Technology Co. Ltd. (安洵信息技术有限公司) also known as i-Soon, and members of Advanced Persistent Threat 27 (APT27, aka Budworm, Bronze Union, Emissary Panda, Lucky Mouse, and Iron Tiger).
According to the DoJ, the victims of i-Soon's hacking operations were primarily individuals or entities that were prominent overseas critics of the PRC government, or those who posed a threat to the rule of the Chinese Communist Party. The company is also said to have trained MPS employees how to hack independently of i-Soon and provided for sale various hacking methods that it described as an "industry-leading offensive and defensive technology" and a "zero-day vulnerability arsenal."
One of i-Soon's offerings was a software called the "Automated Penetration Testing Platform" that is capable of sending phishing emails, creating files with malware that provide remote access to victims' computers upon opening, and cloning websites of victims in an attempt to trick them into providing sensitive information. Another offering was a password-cracking utility known as the "Divine Mathematician Password Cracking Platform" and a program engineered to hack into various online services like Microsoft Outlook, Gmail, and X (formerly Twitter), among others.
The purpose of i-Soon's tools, referred to as "Public Opinion Guidance and Control Platform (Overseas)," was to let the company's customers leverage the network of hacked X accounts to understand public opinion outside of China. The charges announced by the DoJ expose the PRC's continued attempts to spy on and silence anyone it deems threatening to the Chinese Communist Party.
"The charges announced today expose the PRC's continued attempts to spy on and silence anyone it deems threatening to the Chinese Communist Party," said Acting Assistant Director in Charge Leslie R. Backschies of the DoJ. "The Chinese government tried to conceal its efforts by working through a private company, but their actions amount to years of state-sponsored hacking of religious and media organizations, numerous government agencies in multiple countries, and dissidents around the world who dared criticize the regime."
The eight i-Soon employees, alongside two MPS officers, have been accused of breaking into email accounts, cell phones, servers, and websites from at least in or around 2016 through in or around 2023. The U.S. Federal Bureau of Investigation (FBI), in a court filing, said the activities associated with i-Soon are tracked by the cybersecurity community under the monikers Aquatic Panda (aka RedHotel), while APT27 overlaps with that of Silk Typhoon, UNC5221, and UTA0178.
Separately, the U.S. Department of State's Rewards for Justice (RFJ) program has announced a reward of up to $10 million for information leading to the identification or location of any person who engages in malicious cyber activities against U.S. critical infrastructure while acting under the direction of a foreign government. The DoJ further noted that i-Soon and its employees generated tens of millions of dollars in revenue, making the company a key player in the PRC hacker-for-hire ecosystem.
In some instances, i-Soon conducted computer intrusions at the request of the MSS or MPS, including cyber-enabled transnational repression at the direction of the MPS officer defendants. In other instances, i-Soon conducted computer intrusions on its own initiative and then sold, or attempted to sell, the stolen data to at least 43 different bureaus of the MSS or MPS in at least 31 separate provinces and municipalities in China.
Targets of i-Soon's attacks included a large religious organization in the United States, critics and dissidents of the PRC government, a state legislative body, U.S. government agencies, the ministries of foreign affairs of multiple governments in Asia, and news organizations.
Concurrently with the charges, the DoJ has also announced the seizure of four domains linked to i-Soon and the APT27 actors.
Related Information:
https://www.ethicalhackingnews.com/articles/US-Government-Unveils-Charges-Against-12-Chinese-Nationals-for-State-Backed-Hacking-Operations-ehn.shtml
Published: Thu Mar 6 01:18:09 2025 by llama3.2 3B Q4_K_M
