US Charges 12 in Alleged Cyberespionage Scheme

The Justice Department charged twelve Chinese nationals in connection with a sweeping cyberespionage operation that allegedly targeted U.S. government agencies, dissidents, and foreign governments.

Key Takeaways

  • Eight alleged leaders and employees of private hacking company I-Soon are among those charged with conducting global cyberattacks targeting dissidents, news organizations, and U.S. agencies.
  • The scheme, as alleged by the Department of Justice, reveals China’s use of private contractors to create plausible deniability for state-sponsored hacking operations, with hackers charging between $10,000 and $75,000 per compromised email account.
  • Targeted victims reportedly included critics of the Chinese government, religious organizations, foreign ministries in Asia, and multiple U.S. government agencies including the Treasury Department.
  • China’s foreign ministry has denied the allegations, calling them a “smear” and accusing the U.S. of hypocrisy regarding cyber operations.
  • The U.S. Treasury Department has announced sanctions against the defendants, while the State Department is offering rewards for information leading to their capture.

China’s Cyber Mercenary Network Exposed

The U.S. Justice Department has unveiled indictments against twelve Chinese nationals in connection with extensive hacking operations targeting American interests. Eight of the accused are reportedly affiliated with I-Soon, a private hacking company founded in 2010 by Wu Haibo that allegedly carried out cyberattacks against various governments, Chinese dissidents, and U.S. media outlets. This operation, as alleged, represents part of a broader network of Chinese private contractors selling hacking services to government agencies.

According to the indictments unsealed in the Southern District of New York and the District of Columbia, the hackers sometimes operated directly under orders from China’s Ministry of Public Security (MPS) and Ministry of State Security (MSS), while in other instances selling stolen information to these agencies. This arrangement reportedly provided Chinese authorities with plausible deniability while still obtaining valuable intelligence from targets worldwide.

Sophisticated Operations and Financial Incentives

The scale of these operations was significant, according to the allegations, with I-Soon reportedly charging the Chinese government between $10,000 and $75,000 for each successfully hacked email inbox. The group is accused of targeting governments including India, Taiwan, and Mongolia, while also focusing on Chinese dissidents and media outlets in the United States. The hackers are part of a group known by various names in the cybersecurity community, including “APT 27,” “Threat Group 3390,” and “Silk Typhoon.”

A separate indictment charges two other Chinese hackers in a for-profit campaign targeting U.S. technology companies, think tanks, and the U.S. Treasury Department, which previously disclosed what it called a “major cybersecurity incident.” The hackers reportedly used sophisticated techniques to gain access to private communications of Americans and steal sensitive data from various targets, representing what U.S. officials describe as a persistent threat to American national security.

Chinese Response and U.S. Countermeasures

The Chinese government has firmly rejected the accusations. Foreign Ministry spokesperson Lin Jian stated that “China firmly opposes the groundless accusation made by the US and urges the US to immediately stop abusing sanctions.” Similarly, a spokesperson for the Chinese Embassy in Washington dismissed the allegations as a “smear” campaign against China, calling for “evidence-based characterizations of cyber incidents” rather than what they termed “groundless speculation.”

The U.S. Treasury Department has announced sanctions against the defendants, while the State Department is offering rewards for information leading to their arrest. The FBI and other agencies continue working to expose and deter these cyber threats, with assistance from Microsoft and other private sector partners to strengthen defenses. Despite these measures, all of the accused currently remain at large, with U.S. authorities seeking international cooperation for their capture.
