The U.S. Department of Justice (DOJ) has filed charges against 12 Chinese nationals for their involvement in a global cyber espionage operation. The accused individuals include two officers from China’s Ministry of Public Security (MPS), eight employees of the Chinese technology company Anxun Information Technology Co. Ltd. (i-Soon), and members of the advanced persistent threat group APT27. The charges stem from their participation in a scheme to steal sensitive data, suppress free speech, and target government and media organizations around the world. These cyber actors allegedly infiltrated computer networks to obtain valuable data, acting under the direction of China’s government while also pursuing their own initiatives to profit from stolen information.
The operation reportedly spanned from 2016 to 2023 and involved hacking into email accounts, cell phones, servers, and websites, often targeting dissidents, critics of the Chinese government, and international organizations. i-Soon, which operated as a hacker-for-hire entity, charged clients between $10,000 and $75,000 for each successfully compromised email inbox. The company’s involvement in the operation highlights the growing trend of private companies being used by state-sponsored actors to carry out cyber espionage while obscuring the involvement of government officials. The Department of Justice claims that i-Soon’s employees and contractors worked to breach U.S. companies, government agencies, and foreign ministries, among other targets.
One of the most concerning aspects of the operation was its impact on freedom of speech, as i-Soon’s activities included cyber-enabled transnational repression at the behest of Chinese authorities.
Targets included religious organizations in the U.S., human rights advocates, critics of the Chinese government, and foreign media outlets. The U.S. government also issued a reward of up to $10 million for information leading to the identification of those responsible for malicious cyber activities against U.S. critical infrastructure, underscoring the significant threat posed by state-sponsored hacking groups like APT27. The DOJ further revealed that Shuai, one of the APT27 members, had been operating as a data broker, selling stolen information to various clients, including entities linked to the Chinese military and government.
In addition to the charges, the DOJ has seized several domains linked to i-Soon and its cyber activities, marking a significant step in disrupting the group’s operations.
The case also highlights the growing use of sophisticated cyber tools by state-backed groups. One such tool, the “Automated Penetration Testing Platform,” was used to send phishing emails and install malware, allowing attackers to gain remote access to compromised systems. i-Soon also marketed password-cracking utilities and hacking software capable of bypassing multi-factor authentication. These revelations demonstrate the extent to which state-sponsored actors, with the help of private companies, are increasingly using advanced cyber tools to target organizations and individuals globally, posing a serious threat to both national security and individual freedoms.