The U.S. Department of Justice has leveled charges against 12 individuals from China, linking them to a sophisticated effort aimed at data theft and the suppression of free speech worldwide. These individuals are believed to have ties to the People’s Republic of China’s Ministry of Public Security and a private cybersecurity company, Anxun Information Technology Co. Ltd., also known as i-Soon.
The accused include two officials from the Ministry of Public Security and eight employees of Anxun. Their operations reportedly included breaking into email systems, servers, and personal devices, allegedly at the direction of Chinese government agencies, which raises questions about the involvement of state-sponsored actors in this extensive cyber campaign.
Court documents suggest that the Ministry of Public Security utilized a network of private contractors to infiltrate systems globally while attempting to mask its governmental involvement. The actions of i-Soon’s staff, alongside MPS officials, spanned from around 2016 to 2023, during which they allegedly executed cyber intrusions to access sensitive data from various entities including international organizations, religious groups in the United States, and government bodies.
The FBI has classified i-Soon’s activities under several hacking monikers such as Aquatic Panda and Bronze University, linking them not only to the APT27 group but also to various other persistent threat actors. The tactics reportedly deployed in these operations could include initial access techniques such as phishing and exploitation of known vulnerabilities, as well as methods for data exfiltration, all of which are referenced in the MITRE ATT&CK framework.
In addition, the U.S. Department of State’s Rewards for Justice program has introduced a bounty of up to $10 million for information leading to individuals involved in malicious cyber activities targeting critical infrastructure. This increase in rewards highlights the U.S. government’s intent to address and mitigate risks posed by state-sponsored cyber threats.
According to the allegations, i-Soon generated millions in revenue, acting as a pivotal player within a market where cyber services are provided for data theft. Reports indicate that the company charged substantial fees for compromised email accounts, further solidifying its role in what appears to be a broader strategy of cyber-enabled repression.
The targeted organizations included those critical of the Chinese government and foreign institutions that may pose challenges to its governance. The Department of Justice has noted that i-Soon not only conducted cyber intrusions on behalf of the Ministry of State Security but also independently marketed stolen data to various government sectors across China, emphasizing its dubious business practices.
Furthermore, the Justice Department has seized several online domains linked to i-Soon and the APT27 group, signaling an ongoing effort to dismantle these destructive cyber networks. Among the seized domains were those affiliated with nefarious activities, further illuminating the extent of the threats posed by these state-sponsored cyber operators.
The charged individuals have also been accused of training Chinese officials in hacking techniques, promoting a culture of cyber intrusiveness that has both domestic and international ramifications. With tools designed for phishing and unauthorized access to social media platforms like Twitter, the group has tailored its offerings to exploit specific vulnerabilities.
The comprehensive nature of this case showcases the persistent efforts of the Chinese government in utilizing private companies for state-sponsored cyber operations, raising alarms for business leaders globally. The implications of this model could have significant effects on cybersecurity strategies, stressing the importance of awareness and preparedness among organizations facing the evolving landscape of cyber threats.