WASHINGTON—U.S. authorities have charged a dozen Chinese contract hackers and law enforcement officials for their involvement in a years-long hacking campaign to steal data from the U.S. government and undermine dissident groups.
The Epoch Times has learned that it was a victim of the hacking campaign.
Eight of the defendants work for i-Soon, a Chinese tech firm that has hacked victims around the globe, including U.S. government agencies and dissident groups that the Chinese Communist Party (CCP) considers a threat, according to Department of Justice (DOJ) filings released on March 5.
From 2016 through 2023, i-Soon breached email accounts, cellphones, servers, and websites under Beijing’s instructions and made tens of millions of dollars from doing so, according to the DOJ. The company allegedly worked with 43 Chinese regime intelligence or police bureaus, charging between $10,000 and $75,000 for each email inbox hacked.
Its victims include The Epoch Times, a New York-based newspaper that publishes China-related news critical of the Chinese regime; an organization that promotes human rights in China; a U.S. religious organization with thousands of churches; a Washington-based U.S.-funded news service; the foreign ministries of Taiwan, India, South Korea, and Indonesia; a U.S.-based religious leader; and the U.S. Defense Intelligence Agency, U.S. Department of Commerce, and New York State Assembly.
Hacking The Epoch Times
The i-Soon company used various methods to hack its victims. It trained Chinese Ministry of Public Security employees on hacking techniques, according to the court documents.
It allegedly sold bespoke software designed to target accounts on a range of applications, among them Microsoft Outlook, Gmail, Android cellphones, social media platform X, and computer systems such as Windows, Macintosh, and Linux.
Hackers targeted at least four news service agencies, including two newspapers based in New York state and one in Hong Kong, the document stated.
Under the direction of Chinese police officer Wang Liyu, who is also on the list of people charged, the i-Soon employees launched a distributed denial-of-service attack in December 2016 that temporarily shut down the website of The Epoch Times.
In about May 2017, they compromised the email accounts of the newspaper’s chief editor and a vice president, according to the court filing. In September 2017, Sheng Jing, another Ministry of Public Security officer under U.S. charges, asked the i-Soon associates to identify the Chinese IP addresses that had accessed the newspaper’s website. The officer did this in order to locate dissidents in China. Wang gave i-Soon the username and password of the administrator account of The Epoch Times’ website, according to the court filing.
The hackers also accessed about 200 email accounts belonging to executives and employees of a Texas-based religious organization with millions of members. The organization had previously sent missionaries to China, according to the DOJ.
The court filing states that they attempted to use spear phishing emails to hack into the Defense Intelligence Agency, an agency within the Department of Defense that specializes in defense and military intelligence, but the effort was not successful. The same method also failed in another campaign against the International Trade Administration, an agency under the Commerce Department that promotes U.S. exports.
Janice Trey, CEO of The Epoch Times, applauded the U.S. government for “prosecuting Chinese hackers that targeted The Epoch Times for its independent reporting.”
Silk Typhoon
According to the DOJ, the Chinese regime employed a “hackers-for-hire” system, hiring private companies and contractors within the country to conduct hacking activities and steal information. This approach helped the regime conceal any direct connections to these cyberattacks.The Treasury Department also imposed sanctions on a Shanghai-based cyber actor, accusing him of working with other Chinese hackers to infiltrate critical U.S. infrastructure networks.
In an announcement, the Treasury Department identified the actor as Zhou Shuai, who has sold “illegally exfiltrated data and access to compromised computer networks” since 2018.
The March 5 sanction also applies to Zhou’s company, Shanghai Heiying Information Technology, because of its employment of numerous Chinese hackers.
Companies and organizations allegedly targeted by Zhou and Yin include “numerous” U.S.-based tech companies, local governments, think tanks, universities, and defense contractors, according to the DOJ.
All 12 people remain at large. The State Department is offering up to $10 million for information on i-Soon and its employees, as well as the two Ministry of Public Security officials. It also issued a $2 million reward for help in the arrest of Yin and Zhou, both of whom are in China.
“China offers safe harbor for private sector companies that conduct malicious cyber activity against the United States and its partners,” State Department spokesperson Tammy Bruce said in a statement.
Bruce said the multiagency effort reflects the United States’ whole-of-government approach to protect Americans and U.S. critical infrastructure against China-based cyberthreats.
She described Chinese state-backed hacking as “one of the greatest and most persistent threats to U.S. national security.”
