12 Chinese Hackers Charged For Cyber Attacks on U.S Treasury

The defendants include two officers from China’s Ministry of Public Security (MPS), eight employees of Chengdu-based i-Soon Information Technology, and two members of the APT27 threat group (also known as Silk Typhoon or Emissary Panda). “Today’s announcements reveal that the Chinese Ministry of Public Security has been paying hackers-for-hire to inflict digital harm on Americans who criticize the Chinese Communist Party (CCP),” said FBI Cyber Division Assistant Director Bryan Vorndran. The charges reveal an extensive, decade-long operation leveraging advanced malware like PlugX and HyperBro, exploitation of vulnerabilities such as CVE-2017-0213, and collaboration with Chinese security agencies to suppress dissent and steal sensitive data.

According to court documents, i-Soon operated as a “hacker-for-hire” entity, charging the MPS and Ministry of State Security (MSS) between $10,000 and $75,000 per compromised email inbox. Leaked i-Soon marketing materials revealed contracts with over 43 Chinese security bureaus, underscoring the blurred lines between state and private-sector hackers.

APT27, active since at least 2010, has been linked to cyber espionage targeting defense, aerospace, and government sectors using custom tools like PlugX and QuarkBandit. The group used DLL side-loading with a legitimate Google Updater executable (goopdate.dll) to deploy PlugX and Clambling malware while leveraging Mimikatz for credential harvesting and CVE-2017-0213 for privilege escalation. In one incident, APT27 actors exploited ProxyShell vulnerabilities (CVE-2021-26855, CVE-2021-34473) in Microsoft Exchange servers to deploy HyperBro, a memory-resident backdoor enabling remote command execution.

The State Department announced $10 million rewards for information on i-Soon operatives and $2 million for APT27 members Zhou Shuai (“Coldface”) and Yin Kecheng. Concurrently, the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Shanghai Heiying Information Technology, a front company for Zhou Shuai, and blocked assets linked to the hacking campaigns. The indictments coincide with heightened U.S. efforts to counter Chinese cyber threats, including a House Select Committee hearing on bolstering critical infrastructure defenses.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 06 Mar 2025 05:55:11 +0000


Cyber News related to 12 Chinese Hackers Charged For Cyber Attacks on U.S Treasury

Chinese hacking documents offer glimpse into state surveillance - Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government - a trove that catalogs apparent hacking ...
1 year ago Apnews.com
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
1 year ago Cysecurity.news Volt Typhoon
Uncovering Chinas Surveillance of the United States Spies Hackers and Informants - Last week, a Chinese surveillance balloon in the United States caused a diplomatic uproar and raised concerns about how Beijing collects intelligence on its biggest rival. FBI Director Christopher Wray said in 2020 that Chinese spying is the most ...
2 years ago Securityweek.com Silence
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
1 year ago Securityzap.com
Belgium probes if Chinese hackers breached its intelligence service - According to The Brussels Times, the hacked server also routed internal HR exchanges among Belgian intelligence personnel, raising concerns about the potential exposure of sensitive personal data including identity documents and CVs belonging to ...
1 month ago Bleepingcomputer.com APT3 APT30 GALLIUM
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
1 year ago Cyberdefensemagazine.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
1 year ago Scmagazine.com
US Treasury sanctions Sinbad cryptocurrency mixer used by North Korean hackers - The U.S. Treasury Department on Wednesday sanctioned a popular cryptocurrency mixer used to launder funds stolen by hackers connected to the North Korean government. The Treasury Department's Office of Foreign Assets Control announced new sanctions ...
1 year ago Therecord.media Lazarus Group
US charges Chinese hackers linked to critical infrastructure breaches - One month later, it also targeted Chinese cybersecurity company Integrity Tech for its involvement in cyberattacks linked to the Chinese state-sponsored Flax Typhoon hacking group and sanctioned Yin Kecheng for his role in last year's breach of the ...
1 month ago Bleepingcomputer.com
Chinese Hackers Turn To Golang For Malware - Chinese hackers are increasingly turning to the open-source programming language Golang to maliciously code and launch new cyberattacks. According to the latest analysis by The Hacker News, this has resulted in an increase in the number of cyber ...
2 years ago Thehackernews.com BlackTech Carbanak
US Authorities Identify Iranian Connection in Recent Cybersecurity Breaches - It has been announced that six Iranian officials have been sanctioned by the U.S. Department of Treasury's Office of Foreign Assets Control, the Iranian government organization responsible for the series of malicious cyber activities directed against ...
1 year ago Cysecurity.news
Opening Statement by CISA Director Jen Easterly - Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China. As America's ...
1 year ago Cisa.gov
Chinese hackers infect Dutch military network with malware - A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service of the Netherlands. Despite backdooring the hacked systems, the ...
1 year ago Bleepingcomputer.com CVE-2022-42475
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
2 years ago Securityweek.com
Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
1 year ago Cyberdefensemagazine.com
Wargames director Jackie Schneider on why cyber is one of 'the most interesting scholarly puzzles' - In other games, we had people from Silicon Valley who were leading AI companies or cyber companies. What we found is those who had expertise in cyber operations were more likely to be more nuanced about how they used the cyber capability. On a larger ...
10 months ago Therecord.media
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
6 months ago Cyberdefensemagazine.com Akira
Does Pentesting Actually Save You Money On Cyber Insurance Premiums? - Way back in the cyber dark ages of the early 1990s as many households were buying their first candy-colored Macintoshes and using them to play Oregon Trail and visit AOL chat rooms, many businesses started venturing into the digital realm as well by ...
1 year ago Securityboulevard.com Rocke
The Rise of Cyber Insurance - What CISOs Need to Consider - Cyber insurance offers not just financial protection against potentially devastating cyber incidents but also provides frameworks for improving security posture, access to specialized resources, and support during crisis scenarios. Beyond financial ...
1 day ago Cybersecuritynews.com
IT Professionals in ASEAN Confronting Rising Cyber Security Risks - The ASEAN region is seeing more cyber attacks as digitisation advances. In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre ...
1 year ago Techrepublic.com
DHS and FBI: Chinese Drones Pose Major Threat to U.S. Security - The cybersecurity arm of the Department of Homeland Security and the Federal Bureau of Investigation have jointly issued a public service announcement cautioning about the potential risks posed by Chinese-manufactured drones to critical ...
1 year ago Cysecurity.news
Why Have Big Cybersecurity Hacks Surged in 2023? - Payments made to hackers who hold systems hostage for ransom increased by almost half through September, according to blockchain analytics firm Chainalysis Inc., totaling almost $500 million in payouts. In just the past few months, hackers have ...
1 year ago Bloomberg.com LockBit
US Charges 12 Chinese Hackers For Hacking National Security Infrastructure - The hackers functioned as what one senior FBI official described as “cyber mercenaries,” exploiting vulnerable systems and extracting sensitive data that was subsequently sold to Chinese government security services. The indictments mark ...
1 month ago Cybersecuritynews.com
