U.S. indicts Chinese hackers in sweeping cyber espionage case

Illustration: Annelise Capossela/Axios
Federal authorities charged 10 individuals and two Chinese government officials on Wednesday in connection with several high-profile Beijing-backed intrusions.
Why it matters: The U.S. alleges that these individuals helped carry out a wide-reaching Chinese espionage campaign that targeted U.S. government agencies, state governments, news services, universities, defense contractors, law firms, and critical infrastructure.
Catch up quick: The people either worked for Silk Typhoon — the Chinese hacking team linked to last year's Treasury breach — or for I-Soon, an offensive "hacker-for-hire" contractor that was exposed in an extensive online document leak last year.
- The leaked documents, which were publicly available on GitHub, detailed I-Soon's clients and targets.
The big picture: The indictment offers one of the clearest insights yet into the shadowy world of offensive cyber contracting — a common practice among the world's superpowers.
- The Justice Department also seized the web infrastructure that both the Silk Typhoon and I-Soon hackers used in their attacks.
- A spokesperson for the Chinese embassy did not immediately respond to a request for comment.
Zoom in: According to one indictment, I-Soon hacked a range of U.S. victims, including:
- The Defense Intelligence Agency, the Department of Commerce and the International Trade Administration;
- Two New York City-based newspapers, including one that publishes news related to China and is opposed to the Chinese Communist Party;
- A massive religious organization with millions of members;
- The New York State Assembly and a state research university;
- A D.C.-based news service that "delivers uncensored domestic news to audiences in Asian countries, including China;" and
- Several foreign ministries across southeast Asia.
Meanwhile, according to a second indictment, the two hackers linked to Silk Typhoon targeted:
- U.S. technology and defense contractors working with the Pentagon and intelligence agencies;
- A university-based academic health system with servers in California;
- A major law firm with hundreds of attorneys specializing in corporate and intellectual property;
- A municipal government in the U.S.; and
- A D.C. think tank specializing in defense policy and a law firm that works on IP theft issues.
Between the lines: The indictment reveals new details about how I-Soon worked with Beijing, including how much it charged, how long it worked on these efforts and more.
- I-Soon is believed to have worked with at least 43 different bureaus of China's Ministry of State Security and Ministry of Public Security across 31 different provinces and municipalities, according to the FBI.
- The company also charged the agencies between $10,000 and $75,000 for each email inbox it successfully hacked, according to the indictment.
- Sometimes I-Soon worked at the direction of the agencies and other times it would conduct its own hacks and then sell either the network access or data stolen from those targets to the Chinese government.
The intrigue: I-Soon would train Chinese government employees to hack on their own, and it sold various tools to help them carry out their attacks.
- One of those products gave customers the ability to write phishing emails, create malware-laced files and clone websites, according to the U.S. Justice Department.
Reality check: China is unlikely to extradite the indicted individuals, but the charges do bar them from traveling to the United States or allied countries where they could be arrested.
Go deeper: Leaked documents detail inner-workings of China's vast hacking operations
