The US Department of Justice has announced criminal charges against 12 Chinese government-linked hackers who are accused of hacking over 100 American organizations, including the US Treasury, over the course of a decade. The charged individuals allegedly played a "key role" in China's hacker-for-hire ecosystem, targeting organizations in the US and worldwide for the purposes of "suppressing free speech and religious freedoms."

The DOJ confirmed that two of the indicted individuals, Yin Kecheng and Zhou Shuai, are linked to the China government-backed hacking group APT27, or Silk Typhoon. The two hackers are accused of carrying out "multi-year, for-profit computer intrusion campaigns" dating back to 2013, stealing data from victim organizations and selling it to third parties, some of which had links to the Chinese government.

New research from Microsoft published on Wednesday confirms that the hackers exploited flaws in Microsoft Exchange, Palo Alto Networks firewalls, Citrix NetScaler appliances, and Ivanti Pulse Connect Secure appliances as recently as January. The vulnerabilities were used to gain access to victims' networks, allowing the hackers to steal sensitive data.

The organizations targeted by Yin and Zhou include US-based technology companies, think tanks, law firms, defense contractors, local governments, health care systems, and universities. Yin has also been linked to the recent widespread hack of the US Treasury in December 2024, and was sanctioned by the Treasury Department's Office of Foreign Assets Control in February after being linked to China's Ministry of State Security (MSS), the intelligence agency responsible for the country's foreign intelligence collection.

The FBI has seized the virtual private servers and other infrastructure used by Yin to carry out the hack on the US Treasury. The Justice Department also announced charges against eight employees of Chinese government hacking contractor I-Soon, including its chief executive and chief operating officer, along with two alleged officers of China's Ministry of Public Security, the government agency that oversees public policing in the country.

According to the DOJ, the I-Soon employees were involved in a widespread hacking campaign from 2016 to 2023, generating "tens of millions of dollars." The I-Soon employees are also accused of carrying out hacks at the request of China's security agencies, as well as carrying out intrusions on their "own initiative" before selling the stolen data to the Chinese government.

This hacking campaign saw the I-Soon employees target a number of US-based organizations, including a religious organization that was critical of the Chinese government, an organization focused on promoting religious freedoms in China, and several US news organizations. Data stolen by Yin was also sold through I-Soon, prosecutors say, though it's unclear if this includes data stolen during the breach at the US Treasury.

The defendants remain at large, and the US Department of State's Rewards for Justice program has announced a reward of up to $10 million for information that helps to track down any employees of I-Soon. Separately, a reward of $2 million is being offered for information that leads to the arrest and conviction of Yin and Zhao.

This development highlights the ongoing concerns about China's cyber espionage activities and the threat they pose to national security and individual freedoms. The charges also underscore the importance of international cooperation in combating cybercrime and holding accountable those responsible for these malicious activities.

The implications of this case are far-reaching, and it remains to be seen how this will impact the already strained relations between the US and China. One thing is certain, however - the US is taking a strong stance against cyber attacks and is committed to bringing those responsible to justice.