The Justice Department has announced criminal charges against 12 hackers linked to the Chinese government, who are accused of hacking more than 100 American organizations, including the US Treasury, over the course of a decade.
All of the individuals charged played a “significant role” in China's hacker-for-hire ecosystem, a senior DOJ official said in a background call with reporters, including TechCrunch. Officials added that the individuals charged, who include contract hackers and Chinese law enforcement officials, targeted organizations in the US and around the world with the aim of “controlling freedom of speech and freedom of religion.”
The DOJ also confirmed that two of the individuals charged are linked to the Chinese government-sponsored hacking group APT27, also known as Silk Typhoon.
The two individuals, named Yin Kecheng and Zhou Shuai, are accused of running a “multi-year for-profit computer invasion campaign” dating back to 2013. Prosecutors say the campaigns allowed the two individuals to sell the information to third parties with links to the Chinese government.
According to the DOJ's now-unsealed indictment, the two hackers gained access to victims' networks by exploiting multiple security flaws in widely used enterprise software. New Microsoft research published Wednesday revealed that the hackers exploited flaws in Microsoft Exchange, Palo Alto Networks firewalls, Citrix NetScaler appliances and Ivanti Pulse Connect Secure appliances, the last of which was confirmed as recently as January.
Daniel Spicer, Ivanti's chief security officer, told TechCrunch that he “can't talk” about Microsoft's attribution, but he moved quickly to patch the bug.
The organizations targeted by Yin and Zhou include US-based technology companies, think tanks, law firms, defense contractors, local governments, health systems and universities, US prosecutors said.
Yin and Yang were also linked to the recent wide-ranging hack of the US Treasury in December 2024. Yin was sanctioned by the Treasury's Office of Foreign Assets Control in February after being linked to China's Ministry of State Security (MSS), the intelligence agency responsible for the country's foreign intelligence gathering.
According to the DOJ, the FBI seized the virtual private servers and other infrastructure that Yin used to carry out the hack of the US Treasury.
The Justice Department also announced charges on Wednesday against eight employees of Chinese government hacking contractor I-Soon, including its CEO and chief operating officer, as well as two officials from China's Ministry of Public Security, the government agency that oversees public policing in the country.
According to the DOJ, I-Soon employees were involved in a wide range of hacking campaigns from 2016 to 2023, generating “tens of millions of dollars.” The I-Soon employees are accused of hacking at the request of Chinese security agencies and of carrying out intrusions on their “own initiatives” before selling the stolen data to the Chinese government.
The hacking campaigns targeted many US-based organizations, which prosecutors say include religious groups critical of the Chinese government, organizations focused on promoting religious freedom in China, and several US news organizations.
The data stolen by Yin was also sold through I-Soon, prosecutors say, but it is unclear whether this includes data stolen during the breach of the US Treasury Department.
The defendants remain at large. The U.S. Rewards for Justice program has announced a reward of up to $10 million for information that helps track down the I-Soon employees. Separately, a $2 million reward is offered for information leading to Yin and Zhou's arrest and conviction.