US charges Chinese hackers, government officials in broad cybercrime
campaign
[March 06, 2025]
By ERIC TUCKER and DAKE KANG
WASHINGTON (AP) — Twelve Chinese nationals — including mercenary
hackers, law enforcement officers and employees of a private hacking
company — have been charged in connection with global cybercrime
campaigns targeting dissidents, news organizations, U.S. agencies and
universities, the Justice Department announced Wednesday.
A set of criminal cases filed in New York and Washington add new detail
to what U.S. officials say is a booming hacking-for-hire ecosystem in
China, in which private companies and contractors are paid by the
Chinese government to target victims of particular interest to Beijing
in an arrangement meant to provide Chinese state security forces cover
and deniability.
The indictments come as the U.S. government has warned of an
increasingly sophisticated cyber threat from China, such as a hack last
year of telecom firms called Salt Typhoon that gave Beijing access to
private texts and phone conversations of an unknown number of Americans,
including U.S. government officials and prominent public figures.
One indictment charges eight leaders and employees of a private hacking
company known as I-Soon with conducting a sweeping array of computer
breaches around the world meant to suppress speech, locate dissidents
and steal data from victims. Among those charged is Wu Haibo, who
founded I-Soon in Shanghai in 2010 and was a member of China's first
hacktivist group, Green Army, and who is accused in the indictment of
overseeing and directing hacking operations.
Earlier reporting by The Associated Press on leaked documents from
I-Soon mainly showed I-Soon was targeting a wide range of governments
such as India, Taiwan or Mongolia, but little on the United States.

But the indictment contains new revelations about I-Soon’s activities
targeting a wide range of Chinese dissidents, religious organizations
and media outlets based in the U.S., including a newspaper identified as
publishing news related to China and opposed to the Chinese Communist
Party. Other targets included individual critics of China living in the
U.S., the Defense Intelligence Agency and a research university.
The intended targets were in some cases directed by China's Ministry of
Public Security — two law enforcement officers were charged with tasking
certain assignments — but in other instances the hackers acted at their
own initiative and tried to sell the stolen information to the
government afterward, the indictment says.
The company charged the Chinese government the equivalent of between
approximately $10,000 and $75,000 for each email inbox it successfully
hacked, officials said.
Phone numbers listed for I-Soon on a Chinese corporate registry rang
unanswered, and I-Soon representatives did not immediately respond to an
AP email requesting comment.

The U.S. Department of Justice building is seen in Washington, Dec.
7, 2024. (AP Photo/Jose Luis Magana, File)

A spokesperson for the Chinese Embassy in Washington, Liu Pengyu,
suggested Wednesday that the allegations were a “smear” and said,
“We hope that relevant parties will adopt a professional and
responsible attitude and base their characterization of cyber
incidents on sufficient evidence rather than groundless speculation
and accusations.”
A separate indictment charges two other Chinese hackers, identified
as Yin Kecheng and Zhou Shuai, in a for-profit hacking campaign that
targeted victims including U.S. technology companies, think tanks,
defense contractors and health care systems. Among the targets was
the U.S. Treasury Department, which disclosed a breach by Chinese
actors late last year in what it called a “major cybersecurity
incident.”
The Treasury Department announced sanctions Wednesday in connection
with the hacking, and the State Department announced
multimillion-dollar rewards for information about the defendants.
I-Soon is part of a sprawling industry in China, documented in an AP
investigation last year, of private hacking contractors that steal
data from other countries to sell to the Chinese authorities.
Over the past two decades, Chinese state security’s demand for
overseas intelligence has soared, giving rise to a vast network of
these private hackers-for-hire companies that have infiltrated
hundreds of systems outside China.
China’s hacking industry rose in the early days of the internet,
when Wu and other Chinese hackers declared themselves “red hackers”
— patriots who offered their services to the Chinese Communist
Party, in contrast to the anti-establishment ethos popular among
many coders.
The indictment “proved the close ties and interaction among China’s
first generation patriotic hackers,” said Mei Danowski, a
cybersecurity analyst who wrote about I-Soon on her blog, Natto
Thoughts. They “all turned to entrepreneurs now — doing businesses
with the governments and making profits through other means.”
Since I-Soon documents were leaked online last year, the company has
been suffering but is still in operation, according to Chinese
corporate records. They've downsized and moved offices.
“Apparently i-SOON companies have been struggling to survive,”
Danowski wrote on her blog. “To Chinese state agencies, a company
like i-SOON is disposable.”
___
Kang reported from Beijing.
All contents © copyright 2025 Associated Press. All rights reserved