The US Department of Justice (DOJ) has announced the accusation of 12 Chinese citizens for allegedly participating in a wide scheme aimed at stealing data and suppression of free speech and disagreement worldwide.
A personality Include two officers of the Ministry of Public Security of the People’s Republic of China (PRC), eight employees of the alleged Private company PRC, Anthun Information Technology Co. Ltd. (安洵信息技术有限公司) also known as I-Soonand members of an advanced sustainable threat 27 (APT27AKA BUDWWORM, BRONZE Union, EMISAR PANDA, LUCKY MOUSE and Iron Tiger) –
- Wu Job, Chief Executive Director
- Chen Chen (陈诚), Chief Operational Director
- Wang Zhe, Director of Sales
- Liang Gudong, technical staff
- Mai li, technical staff
- Van Yang (王堰), technical staff
- XU LANG (徐梁), technical staff
- Zhou Wei (周伟伟), technical staff
- Van Liu, officer of deputies
- Shen Jing (盛晶), an employee of deputies
- Yin Kechen (Yin Kechen), actor apt27 AKA “YKC”
- Zhou Shuai (Zhou Shuai), AKA ACTER AKA “COLDAFACE”
“These malicious cyber-actors operating as freelancers or as I-Son staff conducted computer invads on the direction of China and the Ministry of State Security (MSS) and on their own initiative,” Doj – Note. “MPs and MSS paid beautifully for stolen data.”
The court documents show that MPs and MSS used a network of private companies and contractors in China to break the companies and steal the data, as well as the government’s involvement.
Were eight I-SON employees as well as two deputies officers accused Excuse me in email accounts, cell phones, servers and web -rests, at least 2016 or around 2023.
The American Federal Investigation Bureau (FBI) has claimed that the activity related to I-Soon Water panda (AKA Redhotel) while APT27 is overlapping with Silk typhoon. UNC5221and Uta0178.
Agency Next – noted The fact that the Chinese government uses formal and informal ties with freelance hackers and information security companies to endure computer networks around the world.
Separately the award program of the US Department of Justice (RFJ) has announced The award of up to $ 10 million for information leading to the identification or placement of any person involved in malicious cyber -activity against the US critical infrastructure, acting under the guidance of a foreign government.
Further Doj noted that I-Soon and its staff brought tens of millions of profit that made the company a key player in Hacker-For Hire. It is estimated that from $ 10,000 to $ 75,000 for each mailbox that it successfully exploits.
“In some cases, I-Soon conducted computer invads at the request of MSS or MPS, including transnational repression with cyber-support towards the defendants of the deputies,” the department said.
“In other cases, I-Son conducted computer invads on their own initiative, and then sold or tried to sell, stolen data at least 43 different MSC bureaus or at least 31 individual provinces and municipalities in China.”
The targets of the I-SON attacks included a major religious organization in the US, critics and dissidents of the PRC, the state legislative body, state-owned US states, and several governments of Asia and information organizations.
Additional cash reward up to $ 2 million was announced To obtain information leading to arrests and/or criminal convictions of Shuai and Kechan, who are accused of participating in a long -standing, complex computer conspiracy to violate US victims, municipalities and organizations to make profits from 2011 and steal data after sustainable access via via Plug malicious software.
Simultaneously with the allegations, Doj also announced the capture of four domains related to I-Soon and APT27 actors.
- ecoatmosphere.org
- Newyorker.Cloud
- heidrickjobs.com, and
- Maddmail.site
“Victims of the I-Soon aroused interest for the PRC government because, for other reasons, they were known foreign critics of the People’s Republic of China or because the PRC government considered them threatening the Chinese Communist Party,” DJ – Note.
The company also said to have prepared the deputies of how to crack regardless of the I-Soon and provides for sale various hacking methods, which it called “offensive industry and defensive technology” and “arsenal vulnerability with zero day”.
Advertised to the tools was a software called “Automated Platform for Testing for Penetration”, which is capable of sending phishing -leafs, making files with malicious software that provides remote access to the victims when opening and cloning the victims to try to deceive them in case of sensitive information.
Another of the I-Soon offers is a password that is engaged in a password known as the “Divine Mathematical Platform for Passwords” and the program designed to hack into various online services such as Microsoft Outlook, Gmail and X (previously Twitter), among others.
“As for Twitter, I sold the software with the ability to send the victim a link to the Phishing Did and then access and control the victim’s account,” DOJ explained.
“The software was able to access Twitter even without the victim’s password and bypass multifactorial authentication. Once the victim’s Twitter was compromised, the software can send tweets, delete tweets, forth tweets, and how to do.”
The purpose of the instrument called the “Public Opinion Platform and Control (Abroad)” was to allow customers to use the X -hacking network to understand public opinion outside China.
“The allegations announced today expose the permanent attempts of the PRC to spy on how anyone believes that the Communist Party of China is threatened,” R. Beckshi said in a statement.
“The Chinese government has tried to hide its efforts by working through a private campaign, but their actions are perennial, supporting state-owned religious and media organizations, numerous state institutions in several countries and dissidents around the world who have dared to criticize the regime.”
