U.S. indicts 12 Chinese nationals for cyber espionage

The U.S. Department of Justice (DoJ) has indicted 12 Chinese nationals, including two officers from China's Ministry of Public Security (MPS) and eight employees from the private firm Anxun Information Technology Co. Ltd., known as i-Soon, for their involvement in extensive cyber espionage operations targeting over 100 U.S. organizations since 2013.

Individuals indicted by the U.S. DoJ

According to the indictment, i-Soon proactively carried out cyberattacks and later sold the stolen data to the Chinese government charging between $10,000 and $75,000 per compromised email account. In other cases, state actors directly commissioned specific intrusions. The breaches targeted critical sectors, including government agencies like the U.S. Treasury Department and Defense Intelligence Agency, businesses, healthcare providers, and academic institutions.

The indicted hackers primarily used spear-phishing emails to gain initial access, leveraging sophisticated malware, credential theft, and lateral movement techniques to establish persistent footholds in victim networks. They also exploited zero-day vulnerabilities to bypass security defenses, demonstrating high levels of technical capability.

Stay on top of emerging threats.

Sign up to receive a weekly roundup of our security intelligence feed. You'll be the first to know of emerging attack vectors, threats, and vulnerabilities. 

Sign up

In response to these indictments, the U.S. Department of State's Rewards for Justice program has announced a reward of up to $10 million for information leading to identifying or locating individuals engaging in malicious cyber activities, on behalf of foreign governments, against U.S. critical infrastructure.

Source: The Hacker News

Analysis

It is highly unlikely that Chinese authorities would arrest its own citizens and extradite them to the U.S. to face the charges laid by the DoJ, rendering the charges largely symbolic. However, the charges will have a serious impact on the accused individual’s ability to travel internationally, as they risk being arrested if they travel to any country that chooses to cooperate with the DoJ.

It remains to be seen whether the substantial reward offer will deter potential cybercriminals by increasing the risks associated with such activities and encouraging insiders or knowledgeable parties to come forward. Regardless, it does serve as a clear signal of the United States' commitment to combating state-sponsored cyber threats and may disrupt future recruitment efforts by introducing uncertainty and fear of exposure within hacker-for-hire networks.

China isn’t the only country that uses hacker-for-hire schemes as this has been a tactic frequently used by Russia. For example, Russian citizen Alexsey Belan and Canadian Karim Baratov collaborated with the Federal Security Service (FSB) under the direction of officers Dmitry Dokuchayev and his boss Igor Sushchin as proficient hackers-for-hire for several years.

Individuals affiliated with Russia's hacker-for-hire program

Baratov was eventually sentenced to five years in prison in 2018 for his part in aiding FSB officers in compromising webmail accounts. Belan, the alleged mastermind of the massive Yahoo breach in 2013, was arrested in Cyprus in 2013 at the request of the United States but was mysteriously released before he could be extradited and managed to escape back to Russia.

Alexsey Belan's wanted poster

Mitigation

Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for emerging threats emanating from China. Field Effect MDR users are automatically notified if threat-related activity is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.

Related Articles

• Unsecured lines: Analyzing China’s cyberattack on U.S. telecoms
• New details reveal Salt Typhoon used leaked creds in telecom attack
• U.S. Government identifies and indicts LockBit mastermind