US charges Chinese hackers, government officials in broad cyberespionage campaign

FILE - The U.S. Department of Justice building is seen in Washington, Dec. 7, 2024. (AP Photo/Jose Luis Magana, File)

WASHINGTON (AP) — Twelve Chinese nationals, including mercenary hackers, law enforcement officers and employees of a private hacking company, have been charged in connection with global cyberespionage campaigns targeting dissidents, news organizations, U.S. agencies and universities, the Justice Department announced Wednesday.

The U.S. Treasury Department, which disclosed a breach by Chinese actors late last year in what it called a "major cybersecurity incident," was among the targets of the indicted hackers.

The indictments come as the U.S. government has warned of an increasingly sophisticated cyber threat from China, including a hack last year of telecom firms called Salt Typhoon that gave Beijing access to private texts and phone conversations of an unknown number of Americans, including U.S. government officials and prominent public figures.

One indictment charges leaders and founders of a private hacking company known as I-Soon, whose officials conducted a sweeping array of breaches around the world as part of what U.S. officials say was a broad intelligence-gathering operation. Among those named in the indictment is Wu Haibo, who founded I-Soon in Shanghai in 2010 and was a member of China's first hacktivist group, Green Army.

The indictment contained new revelations about I-Soon's activities targeting a wide range of Chinese dissidents, religious organizations and media outlets based in the United States, including a newspaper identified as publishing news related to China and opposed to the Chinese Communist Party. Other targets included individual critics of China living in the U.S., the Defense Intelligence Agency and a research university.

Earlier AP reporting on leaked documents from I-Soon mainly showed I-Soon was targeting a wide range of governments such as India, Taiwan or Mongolia, but little on the United States.

The targets were in some cases directed by China's Ministry of Public Security — two law enforcement officers were also charged with tasking certain assignments — but in other instances the hackers acted at their own initiative and tried to sell the stolen information to the government afterward, the indictment says.

The company charged the Chinese government the equivalent of between approximately $10,000 and $75,000 for each email inbox it successfully hacked, officials said.

Phone numbers listed for I-Soon on a Chinese corporate registry rang unanswered, and I-Soon representatives did not immediately respond to an AP email requesting comment.

A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, suggested that the allegations were a "smear" and said, "We hope that relevant parties will adopt a professional and responsible attitude and base their characterization of cyber incidents on sufficient evidence rather than groundless speculation and accusations."

A separate indictment charges two other Chinese hackers in a for-profit hacking campaign that targeted victims including U.S. technology companies, think tanks, defense contractors and health care systems.

I-Soon is part of a sprawling industry in China, documented in an Associated Press investigation last year, of private hacking contractors are companies that steal data from other countries to sell to the Chinese authorities.

Over the past two decades, Chinese state security's demand for overseas intelligence has soared, giving rise to a vast network of these private hackers-for-hire companies that have infiltrated hundreds of systems outside China.

Associated Press writer Dake Kang in Beijing contributed to this report.