
The United States has taken decisive action against Chinese cybercriminals, charging state security officers and hackers linked to APT27 and i-Soon for extensive cyberattacks since 2011. These breaches have targeted a wide range of victims, including US government agencies, foreign ministries in Asia, US-based dissidents, and a major religious organization.
Details of the Cyberattacks
The Department of Justice (DOJ) revealed that these cyber actors, operating as freelancers or employees of i-Soon, executed network intrusions under the direction of China's Ministry of Public Security (MPS) and Ministry of State Security (MSS). The DOJ has charged two MPS officers and eight employees of Anxun Information Technology, known as i-Soon, for their roles in these attacks.
Indictments and Rewards
The DOJ has unsealed indictments against these individuals, highlighting their attempts to sell stolen data to various MSS or MPS bureaus across China. The US State Department is offering up to $10 million for information leading to the identification or capture of key figures, including:
- Wu Haibo, CEO
- Chen Cheng, COO
- Wang Zhe, Sales Director
- Several technical staff members
- MPS Officers Wang Liyu and Sheng Jing
Additionally, Yin Kecheng and Zhou Shuai, associated with the APT27 group, have been charged for their involvement in these global hacking efforts. The Treasury Department has sanctioned them, and the State Department is offering up to $2 million for information leading to their arrest.
Impact and Response
These hackers exploited network vulnerabilities, conducted reconnaissance, and deployed malware such as PlugX to maintain persistent access. They targeted numerous US entities, including tech companies, think tanks, and healthcare systems, causing millions in damages. This crackdown is part of a broader strategy to counteract cyber threats from Chinese state-sponsored groups.
In recent months, the US has also sanctioned other Chinese entities involved in ransomware attacks and cyber espionage. These efforts underscore the ongoing battle against cyber threats to critical infrastructure.