
Indictments of Chinese Cyber Spies Reveal Hacker-For-Hire Operation – Source: securityboulevard.com


Source: securityboulevard.com – Author: Jeffrey Burt

The indictments this week of 12 Chinese nationals accused of hacking into computer systems of an array of individuals and organizations in the United States and elsewhere put a spotlight on the Chinese government’s extensive use of private companies and freelancers to steal data and to obscure officials’ involvement in the attacks.

According to Justice Department (DOJ) prosecutors, China’s Ministry of Public Security (MPS) and Ministry of State Security (MSS) for years relied on this hacker-for-hire operation, setting these contract hackers and companies – in particular, Anxun Information Technology Co., also known as i-Soon – on U.S. federal and state government agencies, a large religious organization in the United States, critics and dissidents of the Chinese government based in the United States, and the foreign ministries of governments in Asia, including Taiwan, South Korea, and India.

The victims included the U.S. Treasury Department in a high-profile attack late last year.

According to the DOJ, both the MPS and MSS “paid handsomely” for the stolen data.

“Today, we are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed,” Sue Bai, head of DOJ’s National Security Division, said in a statement.

Ties with Silk Typhoon

All 12 defendants are still at large, and the DOJ is offering multi-million-dollar rewards for information leading to their identification or location. Two of those indicted are MPS officers; the other 10 are eight i-Soon employees – including its CEO and COO – and two members of the China-based APT27 threat group, also known as Silk Typhoon, which was behind attacks in 2021 that exploited security flaws in Microsoft Exchange Server.

In its own report this week, Microsoft wrote that Silk Typhoon has expanded its target list to include the IT supply chain, including IT infrastructure and services, remote monitoring and management (RMM) companies, managed services providers (MSPs), and cloud applications in the United States and elsewhere.

i-Soon at the Center

According to prosecutors, the network of freelance hackers and private companies used to hack into systems and networks was extensive, with i-Soon, in particular, among them. From 2016 through 2023, the company and its personnel hacked email accounts, cell phones, servers, and websites, either at the direction of or in coordination with Chinese government agencies.

The company at one point had more than 100 employees and tens of millions of dollars in revenue, working with at least 43 MPS or MSS bureaus and charging the agencies $10,000 to $75,000 for every email box they hacked. The victims include two newspapers in New York, U.S. government offices like the Defense Intelligence Agency, Commerce Department, and International Trade Administration, and the New York State Assembly.

The list also included a religious organization in the United States with thousands of churches and congregations and millions of members, a human rights organization based in Texas and founded by a critic of the Chinese government, and a state research university in the United States.

Hacking Lessons and Products

Prosecutors said that at times i-Soon’s hacking came at the request of MSS or MPS, and at other times the company would run attacks on its own and look to sell the stolen data to various bureaus within the Chinese government agencies. It trained MPS employees in how to hack, sold hacking methods to customers, and boasted of having “industry-leading offensive and defensive technology” and a “zero-day vulnerability arsenal” used to successfully hack computer systems.

i-Soon also offered software called the “Automated Penetration Testing Platform” for launching email phishing attacks, creating files with malware for gaining access to victims’ systems, and cloning victims’ websites to persuade targets to submit personal data.

Other products offered were the “Divine Mathematician Password Cracking Platform,” used to gain access to online accounts or systems by deciphering passwords, and software targeting victim accounts on systems and applications, including Microsoft Outlook, Gmail, X (formerly Twitter), Android, Windows, and Linux.

More Than a Decade of APT27 Attacks

Among the indictments handed up were those against Yin Kecheng and Zhou Shuai – also known as Coldface – both of whom are members of Silk Typhoon. Prosecutors allege the two, along with other Silk Typhoon members, between 2013 and last year exploited vulnerabilities to gain access to victim networks, installed malware like PlugX for persistence, and stole data, which they sold to organizations inside and outside of China’s government.

They also said Yin was involved in the hack of U.S. Treasury Department systems between September and December 2024. The Treasury Department in January sanctioned Yin Kecheng for his role in the hack.


Original Post URL: https://securityboulevard.com/2025/03/indictments-of-chinese-cyber-spies-reveal-hacker-for-hire-operation/?utm_source=rss&utm_medium=rss&utm_campaign=indictments-of-chinese-cyber-spies-reveal-hacker-for-hire-operation

Category & Tags: Cloud Security, Cybersecurity, Data Security, Featured, Identity & Access, Incident Response, Mobile Security, Network Security, News, Security Boulevard (Original), Social – Facebook, Social – LinkedIn, Social – X, Spotlight, Threats & Breaches, china espionage, Chinese hackers, indictments, Silk Typhoon
