WASHINGTON -- The United States on Wednesday charged 12 alleged state-backed Chinese hackers and state officials with offenses related to accessing the email accounts of Chinese dissidents and foreign governments agencies, including the U.S. Department of the Treasury.
It also announced rewards totaling US$10 million for information leading to their capture, with all of the accused remaining at-large.
A statement from the Department of Justice alleged that the hackers were part of a Chinese state-backed program that used freelance and private hackers to target Chinese dissidents living abroad and foreign government employees, including at the U.S. Treasury Department.
The program “employed an extensive network of private companies and contractors in China to hack and steal information in a manner that obscured” the Chinese government’s role, the statement said.
From 2016 to 2023, hackers contracted by China’s ministries of state security and public security were either directed to seek access to the accounts of selected targets or worked on their “own initiative” to target people they believed state officials would be interested in, it said.
The two Chinese state ministries then allegedly paid the hackers between $10,000 and $75,000 for each account they wanted.
“The result of this largely indiscriminate approach was more worldwide computer intrusion victims, more systems worldwide left vulnerable to future exploitation by third parties, and more stolen information, often of no interest to [China] and, therefore, sold to other third-parties,” it said.
The statement identifies the charged hackers as employees of the “ostensibly private” Anxun Information Technology Co. Ltd., which operated publicly as “i-Soon.” Also charged with hacking offenses were Ministry of Public Security officials Wang Liyu and Sheng Jing.
As part of a flurry of announcements, the Treasury Department on Wednesday also announced sanctions against Zhou Shuai, a hacker who allegedly worked for another company that “acquired, brokered, and sold data from highly sensitive U.S. critical infrastructure networks.”
Zhou targeted “telecommunications data, border crossing data, data on personnel in religious research, data on media industry personnel, and data on public servants,” Treasury said, similarly working to sell the information he acquired to Chinese intelligence agencies.
$10 million rewards
The U.S. State Department on Wednesday announced rewards of up to $10 million for information leading to the i-Soon hackers’ arrests.
The FBI also released a public service announcement warning Americans about Beijing’s alleged use of “freelance” hackers.
“The indicted i-Soon hackers sold stolen data to the MSS and MPS from a myriad of victims, to include US-based critics of the Chinese government and Chinese dissidents, a US news organization, a large US-based religious organization, multiple governments in Asia, and US federal and state government agencies,” the announcement said.
It added that the access sought by Chinese officials was intended to help “suppress free speech and democratic processes worldwide, and target groups deemed a threat to the Chinese government.”
Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, told Radio Free Asia that the Chinese government “has always firmly opposed and cracked down on all forms of cyber attacks.” But he dismissed the U.S. charges as part of “smear” against China.
“Cyberspace is highly virtual, difficult to trace, and has diverse actors. Tracing the source of cyber attacks is a complex technical issue,” Pengyu said, calling for claims to be made based only on “sufficient evidence rather than groundless speculation and accusations.”
The charges against the hackers came as the U.S. House Select Committee on the Chinese Communist Party held a hearing into how the U.S. government should respond to China’s hacking program.
Laura Galante, the former director of cyber threat intelligence in the Office of the U.S. Director of National Intelligence, told the hearing that Beijing’s use of “private” hackers made it ultimately hard to target.
“These companies frequently change names. They alter their corporate structures. They take other steps to avoid scrutiny,” Galante said. “This ecosystem – sometimes called ‘hackers for hire’ – of Chinese I.T. and cybersecurity contractors, remains largely intact and undeterred.”
The “outsourced” model of cyber attacks meant that China’s intelligence services could always depend, she said, on another branch of its decentralized network of hackers if one was caught by U.S. intelligence. It also allowed for “plausible deniability,” she said.
“[China] provides a competitive marketplace – a business network, if you will, – for these exploitation capabilities, and outsources some of the most sensitive target development and operations, like those against U.S. companies,” she said. “This minimizes the risk of exposing the larger state espionage and attack plans that China has.”
Edited by Malcolm Foster.