Beijing is running a “hacker for hire” network consisting of Chinese government employees, contract hackers, and officials, aimed at stealing sensitive and influential data from organisations, including those run by governments worldwide, said a US Justice Department official.
To prevent these attacks, the US Department of Justice has indicted 12 Chinese nationals, including two officials from China’s Ministry of Public Security, some employees of private firm Anxun Information Technology Co. Ltd. – also known as i-Soon – and members of APT27, an alleged Beijing-backed hacking group.
The individuals involved are set to face federal charges in New York and Washington.
Senior national security officials said the network had targeted several entities, including the US Treasury Department, which endured a significant breach in 2024.
“The indictments and other court documents allege that Chinese law enforcement and intelligence services exploit China’s reckless and indiscriminate hacker-for-hire ecosystem to suppress free speech and steal data from numerous organisations around the world, including the Treasury Department,” the official said in a background call with reporters.
However, the hack of the US Treasury Department was not included in the indictments unsealed on Wednesday.
The warrant issued by the US authorities cited a December 2024 letter from the Treasury Department to Congress stating that the “breach was attributed to Chinese state-sponsored advanced persistent threat actor.”
The accused are said to have carried out “numerous and widespread” hacks of email accounts, mobile phones, servers, and websites at the “direction of, and in close coordination” with China’s Ministry of Security Service, the country’s principal intelligence service, and its Ministry of Public Security, according to the indictment.
The attacks allegedly took place from 2016 to 2023.
“The economic loss of theft of intellectual property and trade secrets, just from the Communist Party of China, is estimated between US$300 billion and US$600 billion per year,” Bill Evanina, former director of the National Counterintelligence and Security Centre, said.
He said that “around 80 per cent of information pertaining to US citizens was compromised and stolen by the CCP during the past decade”, adding that if coordinated attacks are carried out, this would result in millions of US households, including critical public infrastructure, being without heat and electricity.
Representative Bennie Thompson, Democrat of Mississippi, said China was “the most active and persistent cyber threat to the United States government, private sector, and critical infrastructure networks.”
Craig Singleton, a senior fellow at the Foundation for Defence of Democracies, said, “Chinese actors relentlessly penetrate US networks and critical infrastructure, harvesting vast troves of sensitive data in the process.”
Representative Raja Krishnamoorthi of Illinois, the committee’s senior Democrat, said, “We should hack back the hackers,” adding that Washington should “consider potentially enlisting private-sector actors” to do so.
This is not the first time the Chinese government has been linked to cyberattacks; it has been accused of conducting espionage against countries that remain hostile to China, including the EU, the US, and its South Asian neighbours.
According to Christopher Wray, former director of the FBI, “China already has a more extensive hacking program than every other major nation combined and is already on top of the big five nations maintaining the great cyber force.”