US Justice Dept announces $10 million bounty on at-large ‘hacker-for-hire’ cabal it says targeted China critics, religious missionaries, and the Treasury

The US Department of Justice announced yesterday that it’s charging 12 alleged Chinese hackers over a string of cyber-attacks supposedly undertaken on behalf of China’s Public and State Security Ministries (the MPS and MSS, respectively).

“Victims include US-based critics and dissidents of the PRC, a large religious organization in the United States, the foreign ministries of multiple governments in Asia, and US federal and state government agencies,” says the DOJ.

The 12 defendants are divided into three groups across three unsealed indictments—eight are employees of an “ostensibly private” Chinese company called Anxun Information Technology Co. Ltd. (or i-Soon), two are officers of China’s MPS, and the final two are said to be members of the hacking group Advanced Persistent Threat 27 (APT27)—known also by such Robert Ludlum-esque names as Bronze Union, Emissary Panda, Lucky Mouse, Iron Tiger, Silk Typhoon, and Threat Group 3390.

The DOJ accuses the eight i-Soon techs of conducting “computer intrusions at the direction of the PRC’s MPS and Ministry of State Security (MSS) and on their own initiative,” and turning over stolen data to the Ministries for hefty sums of money.

The DOJ notes the US Treasury as one victim of such an attack, but otherwise remains pretty vague about precisely who was targeted—describing them as “a large religious organization that previously sent missionaries to China and was openly critical of the PRC government and an organization focused on promoting human rights and religious freedom in China.” The US also claims that these alleged hackers “targeted multiple news organizations in the United States, including those that have opposed the CCP or delivered uncensored news to audiences in Asia.”

The i-Soon and MPS defendants are part of a single indictment, while the alleged APT27 members get their own pair of specific indictments. The APT27 cases accuse the duo—Yin ‘Coldface’ Kecheng and Zhou ‘YKCAI’ Shuai—of “multi-year, for-profit computer intrusion campaigns dating back, in the case of Yin, to 2013.”

The DOJ accuses the pair of being motivated by money, and alleges that both left systems open and vulnerable in their campaign against organisations ranging from universities, to think tanks, to local governments, to defence contractors. Zhou and Yin each have their own entries on the FBI’s Most Wanted database.

Absolutely none of the accused are in custody, which is probably why the State Department has just announced a $10 million bounty for information leading to the identification or location of anyone targeted in the DOJ’s i-Soon/MPS indictment. Or, indeed, for anyone who “while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act.”

Yin Kecheng and Zhou Shuai, meanwhile, each have a $2 million bounty on their heads for anyone who provides “information leading to [their] arrests and convictions, in any country”.