
The US Department of Justice (DOJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide range of schemes designed to steal data and suppress free speech and dissent globally.
The individuals include two officers of the People's Republic of China (PRC) Ministry of Public Security (MPS), eight employees of the ostensibly private PRC company Anxun Information Technology Co. Ltd. (安洵), also known as i-Soon, and members of the advanced persistent threat group APT27 (aka Budworm, Bronze Union, Emissary Panda, Lucky Mouse, Iron Tiger, Iron Taurus and UNC215).
Those charged are:

- Wu Haibo, Chief Executive Officer
- Chen Cheng, Chief Operating Officer
- Wang Zhe, Sales Director
- Liang Guodong, Technical Staff
- Ma Li, Technical Staff
- Wang Yan, Technical Staff
- Xu Liang, Technical Staff
- Zhou Weiwei, Technical Staff
- Wang Liyu, MPS Officer
- Sheng Jing, MPS Officer
- Yin Kecheng, APT27 actor, aka "YKC"
- Zhou Shuai, APT27 actor, aka "Coldface"
"These malicious cyber actors, acting as freelancers or as employees of i-Soon, conducted computer intrusions at the direction of the PRC's MPS and Ministry of State Security (MSS)," the DOJ said. "The MPS and MSS paid handsomely for the stolen data."
Court documents reveal that the MPS and MSS employ a network of private Chinese companies and contractors to indiscriminately infiltrate organizations, steal data and obscure the government's involvement.
The eight i-Soon employees, alongside the two MPS officers, are accused of breaking into email accounts, mobile phones, servers and websites from at least in or around 2016 through 2023.
The US Federal Bureau of Investigation (FBI) said in court filings that the activity attributed to i-Soon is tracked by the cybersecurity community under the moniker Aquatic Panda (aka RedHotel), and that APT27's activity overlaps with that of Silk Typhoon, UNC5221 and UTA0178.
The agency further noted that the Chinese government uses formal and informal ties with freelance hackers and information security companies to breach computer networks around the world.
Separately, the U.S. Department of State's Rewards for Justice (RFJ) program has announced rewards of up to $10 million for information leading to the identification or location of people who engage in malicious cyber activities against U.S. critical infrastructure while acting under the direction of a foreign government.
The DOJ also noted that i-Soon and its employees generated tens of millions of dollars in revenue and became key players in the PRC's hacker-for-hire ecosystem. The company is said to have charged between $10,000 and $75,000 for each email inbox it successfully exploited.
"In some cases, i-Soon conducted computer intrusions at the request of the MSS or MPS, including cyber-enabled transnational repression at the direction of the MPS officer defendants," the department said.
"In other instances, i-Soon conducted computer intrusions on its own initiative and then attempted to sell the stolen data to at least 43 different bureaus of the MSS or MPS in at least 31 separate provinces and municipalities in China."
Targets of i-Soon's attacks included a large US religious organization, critics and dissidents of the PRC government, state legislative bodies, US government agencies, the foreign ministries of multiple governments in Asia, and news organizations.
Additional rewards of up to $2 million have been announced for information leading to the arrest and conviction of Shuai and Kecheng. They are accused of participating in a long-running, sophisticated computer hacking conspiracy to breach US victim companies, municipalities and organizations for profit since 2011, stealing data after establishing persistent access via PlugX malware.
Alongside the indictments, the DOJ also announced the seizure of four domains linked to i-Soon and APT27 actors:

- ecoatmosphere.org
- newyorker.cloud
- heidrickjobs.com
- maddmail.site
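A defender's first use of a seizure notice like this is a retrospective sweep of DNS logs for the named domains. The following is an added example, not part of the DOJ announcement or the original article: it matches the four seized domains (and any subdomain of them) against constructed resolver log lines loosely modelled on BIND's query-log format, normalising case and trailing dots and rejecting look-alike names such as `newyorker.cloud.example.net`. The log format, source addresses and the `find_hits` helper are assumptions for the example.

```python
import re
from typing import Iterable, List, Tuple

# The four domains named in the DOJ seizure announcement.
SEIZED_DOMAINS = {
    "ecoatmosphere.org",
    "newyorker.cloud",
    "heidrickjobs.com",
    "maddmail.site",
}

# Constructed sample log lines (hypothetical resolver output, BIND-like layout).
SAMPLE_LOG = """\
05-Mar-2025 10:14:02.113 client 10.1.4.22#53211: query: www.example.com IN A + (10.1.0.5)
05-Mar-2025 10:14:05.801 client 10.1.4.22#53212: query: ecoatmosphere.org IN A + (10.1.0.5)
05-Mar-2025 10:15:11.420 client 10.1.7.9#41002: query: cdn.newyorker.cloud IN A + (10.1.0.5)
05-Mar-2025 10:15:19.007 client 10.1.7.9#41003: query: newyorker.cloud.example.net IN A + (10.1.0.5)
05-Mar-2025 10:16:40.335 client 10.1.2.14#50021: query: HEIDRICKJOBS.COM. IN TXT + (10.1.0.5)
"""

# Pulls the client address, queried name and record type out of one log line.
QUERY_RE = re.compile(
    r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalise(qname: str) -> str:
    """Lower-case the name and drop a trailing root dot so comparisons are exact."""
    return qname.rstrip(".").lower()


def matches_seized_domain(qname: str) -> bool:
    """True if qname is a seized domain or a subdomain of one.

    The '.' prefix on the suffix check prevents 'newyorker.cloud.example.net'
    or 'notheidrickjobs.com' from matching.
    """
    name = normalise(qname)
    return any(name == d or name.endswith("." + d) for d in SEIZED_DOMAINS)


def find_hits(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (client, normalised name, record type) for every line that hits."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and matches_seized_domain(m.group("qname")):
            hits.append((m.group("src"), normalise(m.group("qname")), m.group("qtype")))
    return hits


if __name__ == "__main__":
    for src, name, qtype in find_hits(SAMPLE_LOG.splitlines()):
        print(f"{src} queried seized domain {name} ({qtype})")
```

Because seized domains are re-pointed by law enforcement or stop resolving, live lookups after the seizure date tell you little; the value is in the retained history, which is why the sweep runs over stored log lines rather than current resolutions, and why each hit carries the client address needed to pick the host for follow-up.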
"i-Soon's victims were of interest to the PRC government because, among other reasons, they were either prominent foreign critics of the PRC government or the Chinese government considered them a threat to the rule of the Chinese Communist Party," the DOJ said.
The company is also said to have trained MPS employees to hack independently of i-Soon, and to have sold a variety of hacking methods it described as "industry-leading offensive and defensive technologies" and a "zero-day vulnerability arsenal."
Among the tools it marketed was software called the "Automated Penetration Testing Platform," which could send phishing emails, create files laced with malware that gives remote access to the victim's computer when opened, and clone a victim's website to harvest sensitive information.
Another i-Soon product was a password-cracking utility known as the "Divine Mathematician Password Cracking Platform," along with software designed to break into a variety of online services such as Microsoft Outlook, Gmail and X (formerly Twitter).
"As for Twitter, i-Soon sold software with the ability to send spear-phishing links to victims and gain access to and control of the victim's Twitter account," the DOJ explained.
"The software also allowed access to Twitter without the victim's password and bypassed multi-factor authentication. Once a victim's Twitter account was compromised, the software could send tweets, delete tweets, retweet, create comments and like tweets."
The purpose of the tool, known as the "Public Opinion Guidance and Control Platform (Overseas)," was to let the company's customers leverage a network of hacked X accounts to understand public opinion outside of China.
"The indictments unsealed today expose the PRC's continued attempts to spy on and silence anyone it deems threatening to the Chinese Communist Party," Leslie R. Backschies, Assistant Director of the FBI's Cyber Division, said in a statement.
"The Chinese government has tried to hide its efforts by working through private companies, but their actions amount to years of hacks of religious and media organizations, critics of the regime, and government agencies in multiple countries around the world."