TAIPEI (Taiwan News) — The US Department of Justice on Wednesday indicted 12 Chinese hackers for launching cyberattacks against international corporate and government websites, including Taiwan's Ministry of Foreign Affairs.
The Justice Department filed lawsuits in New York and Washington, detailing the charges, per The New York Times. In the New York case, US federal officials accused 10 individuals of working together to steal targeted data.
Eight suspects were employees of Chinese cybersecurity firm i-Soon, while the other two were affiliated with China’s Ministry of Public Security.
The indictment said that one of i-Soon’s core businesses was hacking into systems to steal data and provide it to the Chinese government. The company was reportedly paid between US$10,000 (NT$328,000) and US$75,000 for each email account it successfully hacked into by Beijing.
The document also highlighted the existence of a "hackers for hire" black market in China, allowing the Chinese government to plausibly deny responsibility for cyberattacks on US institutions. However, US officials said evidence showed that these private hacker groups frequently acted under the directives of two members of China’s Ministry of Public Security.
In some cases, i-Soon received direct hacking targets from Chinese government officials, while in other instances, the hackers selected their targets and attempted to sell the stolen data to Beijing. In addition, some of the company's hackers trained government employees on hacking techniques.
The FBI on Wednesday said i-Soon was tracked by cybersecurity specialists under names such as Aquatic Panda, RedHotel, and Charcoal Typhoon.
The Defense Intelligence Agency, the US Department of Commerce, and the foreign ministries of Taiwan, South Korea, India, and Indonesia were victims of i-Soon's cyberattacks, according to the US Attorney's Office. In addition, four media outlets critical of China, a religious organization, a religious leader, a state research university in the US, and the New York State Assembly were also targeted.
Sue J. Bai, head of the Justice Department's national security division, said that the charges demonstrate that the Chinese government is “directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed."
These 12 Chinese nationals are unlikely to appear in a US court for trial. However, the US government has long employed a "name and shame" strategy, aiming to expose China’s cyber activities and increase international pressure on its government, per the New York Times.