The US Justice Department, FBI, Naval Criminal Investigative Service, Departments of State and the Treasury have charged 12 Chinese nationals after they allegedly hacked US-based dissidents’ data to sell it to the Chinese government.
On Tuesday, the Justice Department said the hackers included two officials from the People’s Republic of China (PRC) and the Ministry of Public Security (MPS), as well as employees of a private PRC company, I-Soon.
In a report, the Justice Department stated that cyber-actors acted as freelancers or employees to conduct cyber intrusions under the direction of the MPS and the Ministry of State Security (MSS) of the PRC and on their own initiative.
“The MPS and MSS paid handsomely for stolen data,” the organisation said in a statement.
According to the Justice Department, the hackers targeted critics and dissidents of the US-based PRC;, a large religious organisation in the US; , the foreign ministries of several governments in Asia; , and US federal and state government agencies, including the US Department of the Treasury (Treasury).
According to court documents, the MPS and MSS employed a vast network of private companies and contractors in China to hack and steal information in order to conceal the involvement of the PRC government.
In some cases, the MPS and MSS paid private hackers in China to exploit specific victims, they said.
In many other cases, the hackers targeted victims speculatively, the court documents add.
“Operating from their safe haven and motivated by profit, this network of private companies and contractors in China cast a wide net to identify vulnerable computers, exploit those computers, and then identify information that it could sell directly or indirectly to the PRC government,” the Justice Department said in a statement.
As a result, a number of systems around the world were left vulnerable to future exploitation by third parties, and more information was stolen, often of no interest to the government of the PRC and, therefore, sold to other third parties, it added.
Sue J. Bai, head of the Justice Department’s National Security Division emphasised the division’s continued efforts to tackle cybersecurity threats in the US. “We will continue to fight to dismantle this ecosystem of cyber mercenaries and protect our national security.”
Assistant director Bryan Vorndran of the FBI’s Cyber Division emphasised the importance of protecting Americans from foreign cyber-attacks.
“To those victims who bravely came forward with evidence of intrusions, we thank you for standing tall and defending our democracy,” he said.
He also warned those who choose to aid the CCP in unlawful cyber activities.
“These charges should demonstrate that we will use all available tools to identify you, indict you, and expose your malicious activity for all the world to see,” he said.
In 2020, the US indicted two Chinese nationals for allegedly hacking into the computer systems of hundreds of companies, governments and organisations worldwide, including those working on COVID-19 research.
In 2018, the US indicted two Chinese hackers associated with the Ministry of State Security for a decade-long campaign that allegedly targeted the intellectual property and confidential business information of companies in at least a dozen countries.
