U.S. charges Chinese hackers and government officials in broad cybercrime campaign
WASHINGTON — Twelve Chinese nationals — including mercenary hackers, law enforcement officers and employees of a private hacking company — have been charged in connection with global cybercrime campaigns targeting dissidents, news organizations, U.S. agencies and universities, the Justice Department said Wednesday.
A set of criminal cases filed in New York and Washington add new detail to what U.S. officials say is a booming hacking-for-hire ecosystem in China, in which private companies and contractors are paid by the Chinese government to target victims of particular interest to Beijing in an arrangement meant to provide Chinese state security forces cover and deniability.
The indictments come as the U.S. government has warned of an increasingly sophisticated cyber threat from China, such as a hack last year of telecom firms called Salt Typhoon that gave Beijing access to private texts and phone conversations of an unknown number of Americans, including U.S. government officials and prominent public figures.
One indictment charges eight leaders and employees of a private hacking company known as I-Soon with conducting a sweeping array of computer breaches around the world meant to suppress speech, locate dissidents and steal data from victims. Among those charged is Wu Haibo, who founded I-Soon in Shanghai in 2010 and was a member of China's first hacktivist group, Green Army, and who is accused in the indictment of overseeing and directing hacking operations.
Earlier reporting by The Associated Press on leaked documents from I-Soon mainly showed I-Soon was targeting a wide range of governments such as India, Taiwan or Mongolia, but little on the United States.
But the indictment contains new revelations about I-Soon's activities targeting a wide range of Chinese dissidents, religious organizations and media outlets based in the U.S., including a newspaper identified as publishing news related to China and opposed to the Chinese Communist Party. Other targets included individual critics of China living in the U.S., the Defense Intelligence Agency and a research university.
The intended targets were in some cases directed by China's Ministry of Public Security — two law enforcement officers were charged with tasking certain assignments — but in other instances the hackers acted at their own initiative and tried to sell the stolen information to the government afterward, the indictment says.
The company charged the Chinese government the equivalent of between approximately $10,000 and $75,000 for each email inbox it successfully hacked, officials said.
Phone numbers listed for I-Soon on a Chinese corporate registry rang unanswered, and I-Soon representatives did not immediately respond to an AP email requesting comment.
A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, suggested Wednesday that the allegations were a 'smear' and said, 'We hope that relevant parties will adopt a professional and responsible attitude and base their characterization of cyber incidents on sufficient evidence rather than groundless speculation and accusations.'
A separate indictment charges two other Chinese hackers, identified as Yin Kecheng and Zhou Shuai, in a for-profit hacking campaign that targeted victims including U.S. technology companies, think tanks, defense contractors and health care systems. Among the targets was the U.S. Treasury Department, which disclosed a breach by Chinese actors late last year in what it called a 'major cybersecurity incident.'
The Treasury Department announced sanctions Wednesday in connection with the hacking, and the State Department announced multimillion-dollar rewards for information about the defendants.
I-Soon is part of a sprawling industry in China, documented in an AP investigation last year, of private hacking contractors that steal data from other countries to sell to the Chinese authorities.
Over the past two decades, Chinese state security's demand for overseas intelligence has soared, giving rise to a vast network of these private hackers-for-hire companies that have infiltrated hundreds of systems outside China.
China's hacking industry rose in the early days of the internet, when Wu and other Chinese hackers declared themselves 'red hackers' — patriots who offered their services to the Chinese Communist Party, in contrast to the anti-establishment ethos popular among many coders.
The indictment 'proved the close ties and interaction among China's first generation patriotic hackers,' said Mei Danowski, a cybersecurity analyst who wrote about I-Soon on her blog, Natto Thoughts. They 'all turned to entrepreneurs now — doing businesses with the governments and making profits through other means.'
Since I-Soon documents were leaked online last year, the company has been suffering but is still in operation, according to Chinese corporate records. They've downsized and moved offices.
'Apparently i-SOON companies have been struggling to survive,' Danowski wrote on her blog. 'To Chinese state agencies, a company like i-SOON is disposable.'
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
North Wales Live
2 hours ago
- North Wales Live
The hidden underbelly of Wales where exploitation is rife
Frantic shouting in Mandarin erupts from behind a curtain separating the front desk from the kitchen at the Red Hot Goodies Chinese takeaway. Waiting customers are turned away. Upstairs is a modest, cramped flat which is searched by five officers clad in stab vests emblazoned with "'Immigration Enforcement". They swiftly locate each individual in the building, including one who was evidently serving customers moments before. The takeaway in Blackwood, Gwent, is shut down for the evening. The suspected illegal worker, a Chinese woman who only provides her first name and denies working at the takeaway despite being spotted behind the till, is not the person the officers are seeking. She is detained nonetheless. It emerges the young woman, a former marketing student who arrived in the Caerphilly town two months earlier, had entered the UK legally on a skilled worker's visa. She is performing what is considered unskilled work by assisting behind the till at the takeaway. Her stay is therefore unlawful and she is informed she will have to depart the UK as soon as possible. The unassuming takeaway operates on a quiet residential street. Its young male owner informs officer Richard Johnson, who's leading the raids, that the woman chanced upon his family online. He claims he has never paid her, showing the officers the company's bank statements. These reveal the woman is paying him £280 a month to live in the flat upstairs with the family. Attempting to ignore the owner's mother, who persistently yells over the officers in Mandarin, they ascertain she's essentially receiving reduced rent in exchange for her work. Join the North Wales Live WhatsApp community group where you can get the latest stories delivered straight to your phone The proprietor insists he knows nothing about the woman beyond her name, age, and the validity of her passport, reports Wales Online. Richard asks: "The only reason she came here was to help you in this shop?" The owner responds: "I think she was homeless and had nowhere to go." Richard questions: "Why did you think she was homeless?" "I just took a guess," he answers. It transpires the takeaway has previously been penalised for employing an illegal worker. The owner is issued a referral notice and warned he could face another potential fine of up to £60,000. Penalties now stand at £45,000 for a first-time offence and can rise to £60,000 for subsequent offences. Once a notice is issued, it is handled by a central immigration office in Manchester which conducts further investigations and determines the appropriate penalty. The young woman provides evidence that she has arranged a flight back to China for the following week and assures the officers she will leave the country. As we exit the takeaway, Richard explains the background. "You get people who've come over on small boats and in the back of lorries or in through the backdoor through Ireland," he says. "But often the people we're dealing with have entered the country legally but then they breach the terms of their visa. "That woman had come in on a skilled worker visa and was clearly carrying out unskilled work, so she's broken the rules of the system. The skilled worker visa is strictly for people to come to this country and contribute skilled work. We regularly encounter people who've come in using the skilled worker visa and they're behind a till serving in a restaurant or takeaway or a corner shop. "If we arrest someone we have to ask them first, 'Are you prepared to return voluntarily?' And if they book a flight and show evidence that they've booked it, they may not get detained. More and more now when we catch them, they tend to book a flight and go. We don't get much hassle." Richard continued: "We don't often get hassle really. We sometimes do at the car washes. There is a car wash we've done a few times and you always know it's either going to kick off there or people are going to run. You've always got to be prepared for people to run but sometimes it still catches you by surprise. "Or in a restaurant they might not run but they'll take their aprons off and go out to the back. There are some peculiar ones. We often find illegal workers cooking in restaurant kitchens and they claim they're cooking for themselves." Just hours before arriving at the Chinese takeaway, the officers visited the Bella e Buona Italian restaurant in Brynmawr. During their previous two surprise visits to the restaurant, they had discovered Albanian illegal workers in the kitchen – some of whom fled when the officers arrived. With the threat of closure hanging over the restaurant, this time there were no illegal workers to be found. "It seems they've learned their lesson," said Richard before heading to his next assignment in Cardiff. Over the past week Richard, from Port Talbot, and his Wales and west of England immigration enforcement team have been busy busting illegal workers across various sites. Their crackdowns ranged from a Tenby construction site, where five illegal workers were detained, to Treforest's Choices Express takeaway, leading to a Sri Lankan man's arrest. At a Premier Stores in Pontypridd, an Indian man was detained for violating immigration bail. It's part of a clear trend. Between July 5 last year, and May 31, 2025, the Wales and west of England squad arrested 1,057 illegal workers, up an astounding 114% on the previous year. The number of visits was up too, by 96% to 1,477, matching a surge in illegal migrant landings in the UK. During a January operation at a dairy farm in Llangedwyn, Powys, six Romanians were arrested for visa infractions. Another visit to a solar farm in Anglesey on March 20 led to 16 arrests and a referral notice being served on the subcontractor. Particular focus has been on tackling employers who facilitate illegal working, often subjecting migrants to squalid conditions and illegal working hours below minimum wage. Restaurants, nail bars and construction sites have been among the hundreds of businesses targeted. "In the last financial year we arrested more illegal workers than any immigration enforcement team in the country," Richard revealed. "In the first eight weeks of this financial year we've done more than double the arrests than the same period last year. So we're looking at well over 2,000 (arrests) if we keep on the same trajectory." Is that a positive development or a cause for concern? "It depends which way you look at it I suppose," said Richard." I think at least it shows our commitment to prioritise and target illegal working." A recent raid on a distribution centre uncovered so many undocumented workers that it overwhelmed a computer system used by officers known as Pronto. For each individual case, the system logs details such as name, date of birth, arrival date in the UK, visa information, contact information, any mitigating circumstances, and what the employer has told visiting officers. Richard observed that the nature of the job is becoming much less predictable. "Our activity has rocketed. Now there are far more jobs because illegal working has grown and evolved. "It's still the usual suspects – barbers, takeaways, restaurants, corner shops – but it's not always like that anymore. It's rife too in the care sector, construction sector and even farming. We're now doing farms in Wales with some success." Richard, who has a 25-year tenure in immigration enforcement, shed light on the devastating reality for many who are led to the UK by people smugglers with false promises of an improved life with ample opportunities. Instead, they often find themselves in deplorable living conditions, earning scant wages for long, harsh hours under the perpetual risk of arrest and expulsion. "A lot of them, I think, see a better future than is the reality when they get here," said Richard. Hopeful migrants often pay hefty sums for transport, sometimes up to £10,000, which they then strive to repay only to encounter bitter disappointment. "There are often some really sad cases," he said. "We went to a brothel and encountered three Brazilian sex workers. I believed them when they said they never had any intention of being sex workers but they came here and fell into it and the money was better than what they got at home. "One had made £10,000 and we seized it all because it had clearly been gained unlawfully. All three of them went back to Brazil with nothing. They'd clearly been duped. "The incentive mainly is financial. If someone is illegal they'll more than likely work for less money or, in certain cases, will work for no money at all and would just get accommodation or food in return. Sometimes they're told when they get here they'll be working and earning money beyond their wildest dreams and often that's not the case. They realise the streets aren't paved with gold. "It's clear exploitation but sadly they don't always see it like that because life might be so difficult for them back home. In many cases they're living in awful conditions, sharing a room with four or five others, and they're sending the majority of the money back to their families." The team has now been alerted by a local tip-off that another Chinese takeaway in Caerphilly borough may have illegal workers. Upon visiting the establishment, the officers encounter a visibly distressed family of five. The father, who runs the takeaway, struggles to find his words initially and invites the officers to check every corner of the premises, hastily asserting, "No-one is hiding here." Sign up for the North Wales Live newsletter sent twice daily to your inbox During my time with the enforcement team, I've noticed their consistent calmness and respectfulness on these operations. Quickly realising that no laws are being broken, they offer their apologies and depart from the property. "That one is most likely a malicious report," Richard remarks. When asked what he means, he explains: "Someone who doesn't like them. We call it malicious intel. We do always try and corroborate checks to rule out a possibility of malicious intel but if that isn't possible. "If we haven't visited the premises in years we tend to decide it's probably worth looking at just in case. It's always difficult because it can be worrying for the owners, particularly if there are children involved." He said officers often receive valuable information via anonymous tips by the public. "Sources remain completely anonymous but they tend to be from police, members of the public, or other times it's us targeting known problem areas," Richard said. "At the moment it's delivery drivers that is a big one for us. They'll stop to pick up an order and we'll intercept. But many of them are in a WhatsApp group together and word will get around about where we are, so it can be tricky. It can sound straightforward but it definitely isn't."
Daily Record
10 hours ago
- Daily Record
Two dead as car plunges 300ft off cliff in beauty spot horror
According to reports, the incident happened in full view of horrified onlookers. Two people have been killed after a vehicle plunged 300ft from a cliff at a popular coastal beauty spot. On Friday evening, a silver vehicle plummeted down the cliff face before hitting the water. Tonight, Hampshire and Isle of Wight Police have confirmed that the incident at Alum Bay resulted in the deaths of two people. The horrific crash sparked a huge emergency response, with coastguard ships, police, firefighters and paramedics all racing to the scene. It has been reported that a man was dragged from the water, however, further details about his conditions were unknown until tonight. According to reports, the incident happened in full view of horrified onlookers. It comes as people gathered in the Isle of Wight for The Round the Island Race - a one-day yacht race around the island. The race still went ahead yesterday, despite the route passing through Alum Bay. The wreckage of the car - which had its roof and bonnet crumpled - could be seen partially submerged in the coastal waters in dramatic images of the aftermath, reports The Isle of Wight County Press. On Friday, police released a statement, which read: "We're currently at the scene of a serious incident in Totland. "We were called at 7.21pm this evening (Friday, June 6) after a car, which was being driven along Alum Bay New Road, left the road, came off the cliff top and came to rest in the water below." The site of the horror incident is near the Isle of Wight Needles - a famed landmark in the area of three stacks of chalk jutting out of the water. Only yesterday, an inquest heard how a 12-year-old boy slipped in a puddle and lost his balance by the edge of a cliff before plunging to his death. French tourist Marion Tourgon described the moment young Zhihan Zhao tragically died after an accident at the Cliffs of Moher in western Ireland, on July 23, 2024. The 12-year-old had set out on a walk with his mum, Xianhong Huang, and friends on the Cliffs of Moher trail but the stroll turned fatal at around 1.45pm. The Chinese nationals had only arrived to Ireland 12 days before the tragic incident, and were visiting one of the country's most popular attractions. The mum said her son was walking ahead of her on the trail when she had lost sight of him. She told how they started walking from the Nagle's car park in Liscannor, and said: "My son walked very fast and was ahead of us by 50 metres. As there was only one path I thought we would meet him along the way. When I didn't I walked to the visitor centre and I checked the visitor centre."
NBC News
15 hours ago
- NBC News
Sen. Cory Booker says he won't accept campaign donations from Elon Musk
Sen. Cory Booker on Sunday said that he would not accept campaign donations from tech mogul Elon Musk but urged the former Trump advisor to "get involved right now in a more substantive way" in Democrats' push against the sweeping GOP-backed spending bill. "This bill is disastrous for our long-term economy," Booker told NBC News' "Meet the Press." "This is an American issue, and I welcome Elon Musk not to my campaign. I welcome him right now, not to sit back and just fire off tweets, get involved right now in a more substantive way, in putting pressure on Congress people and senators to not do this." Asked directly whether he would ever accept campaign funding from Musk, Booker said, "I would not accept money from Elon Musk for my campaign, but I would be supportive of anybody, including Elon Musk, putting resources forward right now to let more Americans know," about the bill. Booker's remarks come as other Democrats, like California Rep. Ro Khanna, have floated welcoming Musk into the Democratic party after a feud between President Donald Trump and the Tesla and SpaceX CEO exploded into public view last week. "We should ultimately be trying to convince him that the Democratic Party has more of the values that he agrees with,' Khanna told Politico last week after Musk and Trump fired off a series of social media posts online criticizing each other. The falling out started after Musk called the budget bill a "disgusting abomniation" in a post on X. In subsequent posts on Truth Social, the president accused Musk of "wearing thin" and said "he just went crazy." Musk later accused Trump of " ingratitude" in another post on X after he spent $250 million boosting Trump's campaign in 2024 and accused Trump of links to deceased sex offender Jeff Epstein in a now-deleted post. On Saturday, in a phone call with NBC News, Trump said he has no desire to repair his relationship with Musk after their public spat. The president also responded to a direct question about what might happen if Musk decided to financially support Democrats in the 2026 midterm elections, days after Musk wrote in a post on X,"In November next year, we fire all politicians who betrayed the American people," appearing to refer to Republicans who voted for the GOP-backed spending bill in the House. 'If he does, he'll have to pay the consequences for that,' Trump told NBC News, adding that there could be "serious consequences." In May, House Republicans passed a sweeping domestic policy bill called the "One Big Beautiful Bill Act" that extends tax cuts passed in the first Trump administration, increases funding for border security and eliminates federal taxes on tips and overtime pay. The bill has also drawn scrutiny from Democrats for slashing funding for Medicaid and some food stamps while implementing work requirements for Medicaid, which provides healthcare for low income Americans. Musk and some Senate Republicans have blasted the bill for estimated effects it could have on the federal debt and deficit, though Trump and House Republicans have downplayed those concerns. "More Americans have to understand that if this bill passes, average Americans are going to see their costs skyrocket as this president again pushes legislation that is indicative of his chaos, corruption and cruelty towards Americans," Booker said on Sunday.
