
DOJ announces charges, sanctions against 12 Chinese hackers for Treasury breaches

The Trump administration on Wednesday announced a series of charges and sanctions against a dozen Chinese nationals — including two tied to the Chinese government — for hacking critical U.S. government systems.

These steps were taken on a day when two House committees held hearings about ongoing Chinese intrusions into U.S. networks — a major concern in the wake of several massive Chinese-linked breaches into U.S. critical infrastructure, including the recent Salt Typhoon infiltration into U.S. telecommunication networks and a separate hack of the Treasury Department.

As part of the overall measures, the Justice Department brought charges against 12 Chinese nationals for the Treasury breach and other attacks on groups or individuals critical of the Chinese government. These included attacks on an unnamed large religious group in the U.S. that sent missionaries to China, foreign ministries of Asian nations and other unnamed U.S. federal and state agencies.

Those charged included Chinese nationals Yin Kecheng and Zhou Shuai for their involvement in cyberattacks as far back as 2013. Both were identified as members of the APT27 hacking group, a prolific Chinese hacking operation that has targeted dozens of organizations globally, including U.S. defense contractors.

Microsoft, which calls the group Silk Typhoon, published findings Wednesday about the hacking group shifting its tactics to go after IT tools across U.S. sectors.

Eight members of the Chinese company Anxun Information Technology Co. Ltd., or i-Soon, and two members of the Chinese Ministry of Public Security were charged by the DOJ for email and website hacks between 2016 and 2023. In addition, the Justice Department announced the seizure of internet domains used by i-Soon.

In many cases, the Justice Department alleged that the Chinese government was using a hackers-for-hire system by paying private Chinese companies to hack and steal information in order to obscure government connections to the hacks.

The moves by the Justice Department come more than two months after Treasury Department officials told members of Congress that the agency’s networks had been compromised by Chinese hackers obtaining a key used by a third-party vendor to provide the agency with remote technical support. The Treasury Department immediately began investigating and responding to the incident with the help of the Cybersecurity and Infrastructure Security Agency and other federal agencies.

Actions taken by the Trump administration on Wednesday also included the State Department offering a reward of up to $10 million for information leading to the identification and location of the individuals charged, as well as a separate reward of $2 million for information on Zhou and Yin.

In addition, the Treasury Department sanctioned Zhou and his group, the Shanghai Heiying Information Technology Company. Yin was previously sanctioned by the Treasury Department in January for his involvement in hacking the agency.

“To those victims who bravely came forward with evidence of intrusions, we thank you for standing tall and defending our democracy,” Bryan Vorndran, assistant director of the FBI’s cyber division, said in a statement Wednesday. “To those who choose to aid the CCP in its unlawful cyber activities, these charges should demonstrate that we will use all available tools to identify you, indict you, and expose your malicious activity for all the world to see.”
