In a major coordinated operation, several U.S. law enforcement agencies have charged 12 Chinese nationals with a series of cyber attacks affecting government bodies, religious groups, media organizations, and international governments.
The indicted individuals include two officers from China’s public security service, employees of a Chinese technology firm, and members of an alleged hacking group known as APT27 which is also called Iron Tiger, Emissary Panda, LuckyMouse, TG-3390, and Bronze Union.
Officials from the Department of Justice, the FBI, the Naval Criminal Investigative Service, and the Departments of State and Treasury made the announcements, linking these cyber actors to operations directed by China’s state security agencies.
According to court documents, the hackers carried out attacks from around 2016 through 2023, compromising critical data through a series of computer intrusions. In many instances, the perpetrators earned significant sums by selling the stolen information to Chinese government agencies.
In its press release, the US Department of Justice stated that a key part of the investigation involves a private firm, i-Soon Information Technology. A federal court in Manhattan unsealed an indictment accusing eight employees from i-Soon along with two public security officers of breaching email accounts, cell phones, servers, and websites.
The court has also authorized the seizure of the primary internet domain tied to this group, which has been linked to cyber activities including the targeting of U.S.-based critics, a U.S. religious organization, and several news outlets.
In parallel, separate indictments are targeting members of the hacking group APT27, who have been active since at least 2013. These charges detail efforts to infiltrate networks across a range of sectors; from technology firms and think tanks to law firms and universities.
Among the claims is a recent hack on the U.S. Treasury conducted late last year, where the use of rented virtual private servers played a key role. Investigators have seized digital infrastructure tied to these operations to dismantle the network. These are the names and job titles of the accused:
Ma Li (马丽), Technical Staff
Wang Zhe (王哲), Sales Director
Sheng Jing (盛晶), MPS Officer
Xu Liang (徐梁), Technical Staff
Wang Liyu (王立宇), MPS Officer
Wang Yan (王堰), Technical Staff
Zhou Weiwei (周伟伟), Technical Staff
Liang Guodong (梁国栋), Technical Staff
Wu Haibo (吴海波), Chief Executive Officer
Chen Cheng (陈诚), Chief Operating Officer
Law enforcement officials have also emphasized that the attackers were not just state-sponsored operatives but also worked as freelancers and through private companies. Their broad targeting has left many systems exposed to further cyber incidents, causing significant financial and reputational damage to affected organizations.
In response to these actions, U.S. authorities have issued attractive rewards for information leading to the identification or location of some of these cyber actors. One reward offer is up to $10 million for details on certain individuals linked to the hacking network, while another program offers up to $2 million for information on others operating from within China.
