U.S. Indicts and Issues Bounties for 12 Chinese Hackers and Public Security Officers

The U.S. Department of Justice in Washington, D.C. (Photo by Li Sha / Dajiyuan)

People News - On Wednesday, March 5, the U.S. Department of Justice (DOJ) announced the indictment of 12 Chinese nationals, including hired cyber mercenaries, law enforcement officers, and employees of an information technology company. They are accused of conducting global cyber intrusions.

According to Voice of America, the DOJ stated that the department, together with the FBI, the Naval Criminal Investigative Service (NCIS), the State Department, and the Treasury Department, has launched a coordinated effort to disrupt and deter the malicious cyber activities of these 12 individuals. Among them are two officers from China’s Ministry of Public Security (MPS), eight employees of Anxun Information Technology Co., Ltd. (also known as i-Soon), a nominally private Chinese company, and two members of the hacker group known as "Advanced Persistent Threat 27" (APT27).

The DOJ stated: "Chinese law enforcement and intelligence agencies exploit China’s reckless and indiscriminate cyber mercenary ecosystem, including APT27, to suppress free speech and dissent globally while stealing data from numerous organizations around the world."

According to the DOJ, these malicious cyber actors operated as freelancers or employees of Anxun while being backed by the Ministry of Public Security and national security agencies in China. These government bodies paid them generously for data theft operations. Their victims included Chinese dissidents and critics of the Chinese Communist Party (CCP) in the United States, a major religious organization in the U.S., the foreign ministries of several Asian governments, and both federal and state agencies in the U.S.—including the U.S. Treasury Department, which was infiltrated in late 2024.

In December last year, media reports revealed that some computer workstations at the U.S. Treasury Department had been compromised by hackers. The department confirmed that state-sponsored actors from China were behind the cyber intrusion.

The U.S. government has long warned of increasingly sophisticated cyber threats originating from China. This includes last year’s "Salt Typhoon" attack, which targeted telecommunications companies. That breach enabled Chinese actors to access an unknown quantity of private text messages and phone conversations, including those of U.S. government officials and high-profile public figures. By the end of last year, major telecom providers such as AT&T and Verizon confirmed they had been affected by the "Salt Typhoon" attack.

In February last year, internal documents from Anxun were leaked, exposing the company's connections with the Chinese government and its involvement in hacking activities. These files also detailed the tools used to surveil both Chinese citizens and foreign targets.

On Wednesday, the DOJ further explained that court filings reveal how the Ministry of Public Security and national security agencies in China hired an extensive network of private companies and contractors to conduct cyber intrusions while concealing the CCP’s direct involvement. In some cases, these government bodies directly paid Chinese hackers to target specific victims. In many other instances, hackers engaged in broad, speculative attacks, casting a wide net to identify vulnerable computer systems. Once they found weaknesses, they exploited them to obtain information that could either be directly used by the Chinese government or sold to third parties. This indiscriminate approach to cyber intrusions has resulted in widespread consequences: more computers around the world have been compromised, more systems are now vulnerable to exploitation by third parties, and vast amounts of stolen information—often of no direct value to the Chinese government—have instead been sold to other entities.

Eight Anxun Employees and Two Ministry of Public Security Officers

On Wednesday, a federal court in Manhattan unsealed an indictment accusing eight employees of Anxun and two officers from the Ministry of Public Security of engaging in large-scale hacking attacks on email accounts, mobile phones, servers, and websites from around 2016 to 2023. The Department of Justice also announced that the court had authorized the seizure of Anxun's primary internet domain name used for advertising its business.

According to the Department of Justice, the ten defendants are still at large and are wanted by the FBI. Concurrently with the announcement of the indictment by the U.S. Department of Justice, the U.S. State Department's Rewards for Justice (RFJ) program revealed a reward of up to $10 million for information that leads to the identification and location of individuals involved in certain malicious cyber activities against U.S. critical infrastructure under the direction or control of foreign governments. The wanted individuals include the following eight Anxun employees and two Ministry of Public Security officers:

• Anxun CEO Wu Haibo

• Anxun COO Chen Cheng

• Anxun Sales Director Wang Zhe

• Anxun Technician Liang Guodong

• Anxun Technician Ma Li

• Anxun Technician Wang Yan

• Anxun Technician Xu Liang

• Anxun Technician Zhou Weiwei

• Ministry of Public Security Officer Wang Liyu

• Ministry of Public Security Officer Sheng Jing

Two Members of the APT27 Hacker Group

The U.S. Department of Justice has announced that a federal court has unsealed two indictments against members of APT27, specifically Yin Kecheng and Zhou Shuai, who is also known as 'Coldface'. They are accused of engaging in a prolonged computer intrusion operation for profit. Additionally, the Department of Justice revealed that the court has authorized the seizure of internet domain names and computer server accounts that the two used to facilitate their hacking activities.

According to the Department of Justice, the APT27 organization, which includes Yin Kecheng and Zhou Shuai, has been identified by private sector security researchers under various names. Court documents allege that between August 2013 and December 2024, Yin Kecheng, Zhou Shuai, and their accomplices exploited vulnerabilities in victim networks to conduct reconnaissance and installed malware that allowed for persistent access. The defendants and their accomplices then identified and stole data from these compromised networks, transferring it to servers they controlled. They subsequently sold the stolen data to a range of clients, some of whom had ties to the Chinese Communist Party and military. The Department of Justice noted that Zhou Shuai sold the data stolen by Yin Kecheng through a company called Anxun.

The Department of Justice emphasized that the defendants were motivated by economic gain, and their profit-driven approach led them to target a wide array of entities. They specifically noted that Yin Kecheng and Zhou Shuai worked together to profit from hacking attacks against numerous U.S. technology companies, think tanks, law firms, defense contractors, local governments, healthcare systems, and universities, resulting in millions of dollars in losses for the victims.

Yin Kecheng and Zhou Shuai are currently residing in China and remain fugitives. The FBI has issued a wanted notice for them. Concurrently, the U.S. State Department has announced a reward of up to $2 million for each individual under the 'Transnational Organized Crime Rewards Program' (TOCRP), seeking information that could lead to their arrest and conviction in any country.

In a statement, Sue J. Bai, the head of the National Security Division at the Department of Justice, said: 'The Department of Justice will tirelessly pursue those who threaten our cybersecurity by stealing information from our government and citizens. Today, we have revealed the indiscriminate and reckless attacks on global computers and networks orchestrated by personnel of the Chinese Communist Party, along with the companies that support them and the individual hackers they employ. We will continue our efforts to dismantle this cyber mercenary ecosystem and safeguard our national security.'

The Department of Justice's statement noted that the details mentioned in the indictment and arrest warrant are merely allegations, and all defendants are presumed innocent until proven guilty in a court of law beyond a reasonable doubt.