U.S. authorities have unveiled charges against 12 Chinese citizens involved in a cyberespionage scheme that targeted multiple American government agencies, private companies, journalists, and critics. The Justice Department announced that the accused individuals were part of a larger network of hackers who sold stolen data to various clients, including the Chinese government. This case highlights the growing concerns about cyberespionage threats posed by foreign actors.
The victims of these cyberespionage attacks included the U.S. Treasury Department, which had confirmed a breach by Chinese hackers late last year. Other major targets were the U.S. Defense Intelligence Agency, the Commerce Department, and the foreign ministries of several Asian countries. Religious organizations and news outlets critical of China were also among the victims. These attacks aimed to steal sensitive information, including classified government data, private communications, and business records.
The primary method used by the hackers was spear-phishing. In this technique, cybercriminals send emails containing malicious links and trick victims into clicking them.
Once the link is clicked, the hackers gain access to sensitive information like login credentials and private data. The stolen information was then sold to Chinese intelligence agencies, with payments ranging from $10,000 to $75,000 for each successful hack. Additional fees were charged for analyzing the extracted data, making the cyberespionage operation highly profitable.
Role of iSoon in the Cyberespionage Network
The indictments revealed that eight employees and managers from iSoon, a Shanghai-based company, played a crucial role in the cyberespionage scheme. Two officials from the Chinese Ministry of State Security were also linked to the network.
iSoon, also known as Anxun, specializes in providing hacking services and data collection for various Chinese government agencies. The company reportedly collaborated with the Ministry of Public Security, the Ministry of State Security, and the Chinese military, making it a key player in cyberespionage operations.
Internal documents leaked from iSoon last year provided unprecedented insight into the company’s cyberespionage operations. These files included chat logs between employees, business records, and data from over eight years of activities. The documents showed that iSoon actively competed for contracts from powerful Chinese government entities to steal data from at least 20 foreign governments and several private companies. The leaked files also revealed that iSoon charged its clients not only for successful hacks but also for detailed analysis of the stolen data.
The company often attacked targets identified by Chinese intelligence officials. However, when not working on government orders, iSoon’s hackers carried out speculative attacks on private organizations. They targeted companies, think tanks, religious groups, and government contractors, selling the stolen data on the open market. This practice allowed the Chinese government to deny any direct involvement in the cyberespionage attacks while still benefiting from the stolen information.
Additional Cyberattack Cases Unveiled
Along with the iSoon network, U.S. authorities charged two other Chinese hackers in separate indictments. One of the suspects was linked to a cyberattack on the U.S. Treasury Department’s network last year. The two hackers were accused of causing millions of dollars in damage through cyberattacks carried out over the past decade. These hackers allegedly targeted critical infrastructure networks, government agencies, and private companies.
One of the suspects operated through a company called Shanghai Heiying Information Technology Co. and was a member of the Green Army, a Chinese nationalist hacking group active since the 1990s. This company reportedly brokered the sale of stolen data from other hackers. The second hacker was associated with the hacking group APT27, known for targeting international government and defense data.
The U.S. Treasury Department imposed sanctions on both suspects. The State Department also announced a $2 million reward for information leading to the arrest of one of the hackers. U.S. authorities believe that exposing the individuals behind these attacks will help uncover the broader network of cyber mercenaries operating on behalf of the Chinese government.
The Chinese government has denied any involvement in the cyberattacks. A spokesperson for the Chinese Embassy in Washington stated that cyberspace is difficult to trace and accused the U.S. of using cybersecurity issues to damage China’s reputation. However, U.S. officials argue that the evidence clearly links the accused individuals to Chinese government agencies.