The U.S. Department of Justice indicts 12 people, including members of the Chinese hacking group APT27



The Department of Justice has indicted 12 individuals, including members of the hacking group Advanced Persistent Threat 27 (APT27), also known as Emissary Panda and Silk Typhoon, for allegedly hacking into more than 100 organizations, including the U.S. Treasury Department.

Office of Public Affairs | Justice Department Charges 12 Chinese Contract Hackers and Law Enforcement Officers in Global Computer Intrusion Campaigns | United States Department of Justice

https://www.justice.gov/opa/pr/justice-department-charges-12-chinese-contract-hackers-and-law-enforcement-officers-global



Justice Department charges Chinese hackers-for-hire linked to Treasury breach | TechCrunch

https://techcrunch.com/2025/03/05/justice-department-charges-chinese-hackers-for-hire-linked-to-treasury-breach/

Justice Department indicts Chinese officials and contractors over cyber intrusion campaign - SiliconANGLE
https://siliconangle.com/2025/03/05/justice-department-indicts-chinese-officials-contractors-cyber-intrusion-campaign/

Of the 12 indicted, two are believed to have close ties to APT27.

According to the Justice Department's indictment, beginning in 2013, the two exploited multiple security holes in enterprise software to gain access to victims' networks, steal data, and sell it to third parties.

The FBI has seized virtual private servers and other infrastructure used by the defendants to carry out the US Treasury hack.

The remaining eight are employees, including the CEO and COO, of I-Soon, a hacking contractor affiliated with the Chinese government. I-Soon was involved in a wide range of hacking operations from 2016 to 2023. The indicted employees are accused not only of hacking at the request of Chinese intelligence agencies, but also of illegally accessing systems of their own volition in order to sell the stolen data to the Chinese government.

Prosecutors said the hacking operation targeted US-based organizations, including religious groups critical of the Chinese government, groups promoting religious freedom and several US news organizations.

I-Soon also reportedly sold data stolen by members of APT27, though it is unclear whether the data was stolen from the Treasury Department.

The remaining two are said to be from the Chinese Ministry of Public Security.

The defendants remain at large, and the Department of Justice is offering a reward of up to $10 million for information that helps trace the I-Soon employees and $2 million for information leading to the members of APT27.

in Security, Posted by logc_nt