US Charges 12 Chinese Nationals with Cybercrimes, Including Treasury Breach

Jordan Vega

March 06, 2025 · 4 min read

The US Department of Justice has charged 12 Chinese nationals with carrying out a string of cyberattacks against more than 100 US organizations, including the Treasury Department, in a breach that dates back to 2013. The accused hackers allegedly worked either independently or on behalf of the Chinese government, specifically the Ministry of Public Security (MPS) and the Ministry of State Security (MSS).

According to the DOJ, two of the defendants are officers of the MPS, while eight others are employees of a Chinese company called i-Soon, which allegedly had the capability to hack into Gmail and Microsoft Outlook inboxes, as well as Twitter and X, using a tool called the "Public Opinion Guidance and Control Platform" to monitor public opinion overseas. The remaining two defendants are members of a group known as APT27, or Silk Typhoon, which has been linked to hacks of healthcare systems, universities, and IT systems that include management software.

The Treasury hack, reported in late December, is believed to have targeted management software, according to recent Microsoft research. The DOJ alleges that the hackers were motivated by financial gain, with the MPS and MSS paying handsomely for stolen data. The i-Soon group generated tens of millions of dollars in revenue as a key player in China's hacker-for-hire ecosystem, selling stolen data to at least 43 different bureaus of the MSS or MPS in 31 separate provinces and municipalities in China.

The defendants' methods included conducting computer intrusions at the request of the MSS or MPS, as well as selling hacking methods to customers. In some instances, i-Soon trained MPS employees how to hack independently of the company. The DOJ alleges that the defendants targeted a broad range of victims, including US-based technology companies, think tanks, law firms, defense contractors, local governments, healthcare systems, and universities, causing millions of dollars in damages.

Other victims of i-Soon's hacks include two New York newspapers, the US Department of Commerce, and the Defense Intelligence Agency. None of the defendants are currently in custody, and the US government is offering up to $10 million for information leading to the identification of those accused of directing or carrying out i-Soon's malicious cyber activity. Additionally, the government is offering up to $2 million each for information leading to the arrests and convictions of Silk Typhoon members Yin Kecheng and Zhou Shuai.

This development highlights the ongoing threat of cyberattacks from nation-state actors and the importance of robust cybersecurity measures to protect sensitive data. The incident also underscores the need for increased international cooperation to combat cybercrime and bring perpetrators to justice.

The charges against the 12 Chinese nationals come amid growing concerns about China's cyber activities and its potential impact on global security. The incident is likely to escalate tensions between the US and China, which have been at odds over issues such as trade, intellectual property, and national security.

As the cybersecurity landscape continues to evolve, this incident serves as a reminder of the importance of staying vigilant and proactive in the face of emerging threats. It also highlights the need for governments, organizations, and individuals to work together to combat cybercrime and protect sensitive information.


Copyright © 2024 Starfolk. All rights reserved.