<p>The Justice Department on Wednesday unsealed sweeping charges against 12 Chinese nationals for their roles in hacking activities that have targeted U.S. federal and state systems on behalf of Beijing’s intelligence services over the past several years.</p>
<p>Eight of the people are employees of i-Soon, a Chinese cybersecurity firm that made headlines a year ago after a <a title="Leaked documents show how firm supports Chinese hacking operations | CyberScoop">leak of documents</a> posted to GitHub revealed the extensive efforts the company went through to break into foreign governments’ computer systems at the direction of the Chinese government. Two other people charged in connection with i-Soon are officers in Beijing’s Ministry of Public Security, according to the Justice Department’s <a title="Southern District of New York | 10 Chinese Nationals Charged With Large-Scale Hacking Of U.S. And International Victims On Behalf Of The Chinese Government | United States Department of Justice">allegations</a>.</p>
<p>A <a title="District of Columbia | Chinese Nationals with Ties to the PRC Government and &quot;APT27&quot; Charged in a Computer Hacking Campaign for Profit, Targeting Numerous U.S. Companies, Institutions, and Municipalities | United States Department of Justice">separate pair</a> among those charged is affiliated with Silk Typhoon, a group recently found to have infiltrated Treasury Department networks and compromised some of the agency’s most sensitive systems. One of those people, Yin Kecheng, was <a title="US sanctions Chinese firm behind sweeping Salt Typhoon telecom hacks - Nextgov/FCW">sanctioned</a> in January.</p>
<p>i-Soon’s victims included the Defense Intelligence Agency and Department of Commerce, targeted in 2017 and 2018, respectively, according to <a href="https://www.justice.gov/opa/media/1391901/dl?utm_medium=email&amp;utm_source=govdelivery">court documents</a>.</p>
<p>One other agency targeted in 2019 and 2022 is described as a DC-based “news service funded by the United States government that delivers uncensored domestic news to audiences in Asian countries, including China.” It’s unclear which news service the documents refer to, though two housed under the U.S. Agency for Global Media — Voice of America and Radio Free Asia — have China branches.</p>
<p>Other i-Soon victims listed include the foreign ministries of Taiwan, South Korea, Indonesia and India, as well as several U.S.-based organizations. A court-authorized seizure of the website domains used to advertise i-Soon’s services was issued Tuesday, <a href="https://www.justice.gov/opa/media/1391896/dl?utm_medium=email&amp;utm_source=govdelivery">documents show</a>.</p>
<p>The Silk Typhoon unit accessed Treasury systems late last year, including its sanctioning and assets control offices, as well as the Committee on Foreign Investment in the U.S. and former Treasury Secretary Janet Yellen’s computer. As part of the unsealing, the Department announced the seizure of internet domains connected to Kecheng, as well as the seizure of a virtual private server used by co-conspirator Zhou Shuai.</p>
<p>Across the board, the hackers compromised email accounts, cell phones, servers, websites and IT supply chains to steal sensitive data from targets, the allegations say.</p>
<p>They exploited unknown vulnerabilities, deployed malware and stole credentials through phishing schemes. Once inside a network, the cyberspies conducted reconnaissance, moved laterally and exfiltrated data to sell, often to Chinese government agencies. For instance, i-Soon would charge between $10,000 and $75,000 for each successfully hacked email account, DOJ says.</p>
<p>“Today, we are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed,” said Sue Bai, who heads DOJ’s National Security Division. “We will continue to fight to dismantle this ecosystem of cyber mercenaries and protect our national security.”</p>
<p>Entities like i-Soon make up a <a title="US sanctions Chinese company that helped facilitate espionage hacks - Nextgov/FCW">vast nexus</a> of contracted <a title="Behind the doors of a Chinese hacking company, a sordid culture fueled by influence, alcohol and sex | AP News">hacking firms</a> employed by the Chinese government. China has been largely deemed the top U.S. cyber adversary by current and former officials.</p>
<p>A separate hacking unit tied to Beijing’s Ministry of State Security, dubbed Salt Typhoon, was found last year to have breached at least nine U.S. telecom providers and dozens of others worldwide. Sichuan Juxinhe Network Technology Co. operated alongside the Chinese government to carry out those hacks, according to previous <a title="US sanctions Chinese firm behind sweeping Salt Typhoon telecom hacks - Nextgov/FCW">Treasury sanctions</a>.</p>
Article Link: US charges 12 Chinese nationals for hacks into government systems - Nextgov/FCW