US Says China Paid Hackers to Target Critics, Steal Data

US prosecutors charged ten Chinese citizens and two government agents for computer hacks that targeted dissidents, religious groups, news outlets and American government agencies.

The Chinese government paid Anxun Information Technology Co., a cybersecurity firm also known as i-Soon, to hack and steal information in a manner that obscured its involvement, the US alleges.

Eight iSoon employees and two Chinese Ministry of Public Security officials were accused with various crimes for their alleged hacking of email accounts, mobile phones, servers and websites between 2016 and 2023, according to an indictment unsealed Wednesday. Separate charges were also made public against two other Chinese citizens, who prosecutors said in a statement were linked to a recent breach of the US Treasury Department.

“We will continue to fight to dismantle this ecosystem of cyber mercenaries and protect our national security,” Sue J. Bai, head of the Justice Department’s national security division, said in a statement. 

Representatives for i-Soon, which is based in Shanghai, didn’t respond to requests for comment. A Chinese government official said the indictments were based on “groundless speculation and accusations.”

“We urge the US to stop using cybersecurity issues to smear China,” said Liu Pengyu, a spokesperson for the Chinese Embassy in Washington. 

The individual defendants didn’t have lawyers listed for them in court records and couldn’t be immediately contacted for comment. They have not been arrested and the US State Department is offering a reward for information leading to their locations, according to a statement from the Justice Department. 

i-Soon drew notice last year when files attributed to the company were posted on the code-sharing site GitHub, revealing how cybersecurity firms, researchers and the government in China were intricately intertwined. 

According to US prosecutors, i-Soon staff sometimes acted at the direction of the Chinese government, and on other occasions chose their own hacking targets and then sold stolen material to various Chinese government agencies. These campaigns allegedly earned the firm tens of millions of dollars in revenue.

The victims of i-Soon’s hacking include at least three news outlets, the US Department of Commerce, the International Trade Administration, the Defense Intelligence Agency, a religious group with thousands of churches and staff of the New York State Assembly, according to the indictment, which doesn’t identify the news outlets or religious group by name. The hackers also allegedly targeted a person in the US who’s been critical of the Chinese government and a Texas-based group that promotes human rights in China.

Prosecutors in Washington separately accused two other Chinese nationals of a years-long scheme of hacking and selling stolen data for profit, and they seized internet domains and a computer server the alleged hackers used. Prosecutors accused the pair of causing millions of dollars of damage by breaking into the computer systems of US-based technology companies, think tanks, law firms, local governments, health-care systems and others. 

The pair weren’t charged with hack of the Treasury Department last year. However, prosecutors said in court filings that servers used in that attack were controlled by an account the two had set up. 

A Treasury report on the breach found that Chinese state-sponsored hackers got into unclassified material on more than 400 laptop and desktop computers, taking particular interest in the machines of staff and senior leaders focused on sanctions, international affairs and intelligence. The compromised devices included then-Secretary Janet Yellen’s computer, Bloomberg News previously reported. 

According to the court records, a key part of i-Soon’s business was using cyberattacks to steal data on behalf of the Chinese government, including the Ministry of Public Security and the Ministry of State Security. The company charged the ministries the equivalent of between $10,000 and $75,000 for each email inbox it successfully hacked, US prosecutors said. i-Soon allegedly offered analysis of the data for an additional fee.

One method i-Soon employees used for hacking was “spearphishing,” a type of phishing attack that targets a specific person or group. The company developed a set of rules for employees to follow when attempting such a hack, according to the US. “For example, the first rule stated, ‘No batch sending, not batch sending, no batch sending,” according to the indictment. “Spearphishing emails are easier to detect as malicious if they are sent repeatedly.”

This article was generated from an automated news agency feed without modifications to text.