The U.S. Department of Justice has charged 12 Chinese nationals, including officers of China’s Ministry of Public Security and members of the hacking group APT27, over their alleged roles in a sprawling cyber intrusion campaign that targeted victims around the world.

Among those charged are employees of Anxun Information Technology Co. Ltd., known as “i-Soon,” a Chinese contractor that allegedly executed cyberattacks on behalf of government ministries while also selling stolen information for profit.

The malicious cyber actors, acting as freelancers or as employees of i-Soon, are claimed to have conducted computer intrusions at the alleged direction of China’s MPS, Ministry of State Security and on their own initiative. Alleged victims included U.S. government agencies such as the Department of the Treasury, religious organizations, human rights groups, journalists and the foreign ministries of multiple Asian nations.

The indictment alleges that i-Soon charged Chinese security agencies between $10,000 and $75,000 for each exploited email inbox and that the hacker-for-hire ecosystem not only served state interests but also pursued independent profit motives, leading to a broader range of cyberattacks.

Notably, the hacking group APT27 was also implicated in the activities detailed in the indictment. Members of APT27 are accused of engaging in long-term, profit-driven hacking schemes targeting U.S. technology companies, defense contractors and healthcare systems, resulting in significant financial damages.

APT27, also known as Silk Typhoon, Emissary Panda and LuckyMouse, has been identified in several cyber espionage campaigns in the past. In 2021, the group was linked to attacks exploiting vulnerabilities in Fortinet Inc. appliances to infiltrate U.S. municipal government systems. Additionally, APT27 has been associated with the distribution of the PlugX malware, a tool used by alleged Chinese state-backed threat groups.

The Justice Department’s actions include the seizure of internet domains and server accounts used by the accused, disrupting their operational infrastructure.

“The Department of Justice will relentlessly pursue those who threaten our cybersecurity by stealing from our government and our people,” said Sue J. Bai, head of the Justice Department’s National Security Division, in a statement. “Today, we are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed.”

In addition to the indictments, the U.S. Department of State’s Rewards for Justice program has announced rewards of up to $10 million for information leading to the identification or location of the alleged Chinese cyber actors. The idea is to encourage public assistance in bringing the named individuals to justice and deterring future cyberthreats.

Image: SiliconANGLE/Ideogram