US prosecutors charged eight employees of a Chinese cybersecurity firm and two government officials with hacking American targets including federal government agencies, news outlets, a university, religious groups and the New York legislature, court records show.
The staff of i-Soon, a Shanghai-based firm, and two Chinese Ministry of Public Security officials were charged with various crimes for their alleged hacking of numerous email accounts, mobile phones, servers and websites between 2016 and 2023, according to an indictment unsealed Wednesday.
Representatives for i-Soon, a Shanghai-based cybersecurity company, and for the Chinese Embassy in Washington didn’t immediately respond to requests for comment.
Separate charges against two other Chinese citizens were also unsealed Wednesday accusing them of a years-long scheme of hacking and selling stolen data for profit.
The individual defendants didn’t have lawyers listed for them in court records and couldn’t be located for comment. The victims of the hacking campaigns include at least three news outlets, the US Department of Commerce, the International Trade Administration, the Defense Intelligence Agency, a religious group with thousands of churches and staff of the New York State Assembly, according to the indictment, which doesn’t identify the news outlets or religious group by name.
A key part of i-Soon’s business was using cyberattacks to steal data on behalf of the Chinese government, including the Ministry of Public Security and the Ministry of State Security, the court records state. The company charged the MPS and MSS the equivalent of between $10,000 and $75,000 for each email inbox it successfully hacked, US prosecutors said. i-Soon allegedly offered analysis of the data for an additional fee.
Some of the hacks were at the direction of the Chinese agencies. In other instances, i-Soon conducted its own hacks and then tried to sell the stolen data to different bureaus of the MPS and MSS, according to prosecutors.
One method i-Soon employees used for hacking was “spearphishing,” a type of phishing attack that targets a specific person or group. The company developed a set of rules for employees to follow when attempting such a hack, according to the US. “For example, the first rule stated, ‘No batch sending, not batch sending, no batch sending,’” according to the indictment. “Spearphishing emails are easier to detect as malicious if they are sent repeatedly.”
i-Soon drew notice last year when files attributed to the company were posted on the code-sharing site GitHub, revealing how cybersecurity firms, researchers and the government in China were intricately intertwined.