DOJ announces charges, sanctions against 12 Chinese hackers for Treasury breaches


Politico, 05-03-2025

The Trump administration on Wednesday announced a series of charges and sanctions against a dozen Chinese nationals — including two tied to the Chinese government — for hacking critical U.S. government systems.
These steps were taken on a day when two House committees held hearings about ongoing Chinese intrusions into U.S. networks — a major concern in the wake of several massive Chinese-linked breaches into U.S. critical infrastructure, including the recent Salt Typhoon infiltration into U.S. telecommunication networks and a separate hack of the Treasury Department.
As part of the overall measures, the Justice Department brought charges against 12 Chinese nationals for the Treasury breach and other attacks on groups or individuals critical of the Chinese government. These included attacks on an unnamed large religious group in the U.S. that sent missionaries to China, foreign ministries of Asian nations and other unnamed U.S. federal and state agencies.
Those charged included Chinese nationals Yin Kecheng and Zhou Shuai for their involvement in cyberattacks as far back as 2013. Both were identified as members of the APT27 hacking group, a prolific Chinese hacking operation that has targeted dozens of organizations globally, including U.S. defense contractors.
Microsoft, which calls the group Silk Typhoon, published findings Wednesday about the hacking group shifting its tactics to go after IT tools across U.S. sectors.
Eight members of the Chinese company Anxun Information Technology Co. Ltd., or i-Soon, and two members of the Chinese Ministry of Public Security were charged by the DOJ for email and website hacks between 2016 and 2023. In addition, the Justice Department announced the seizure of internet domains used by i-Soon.
In many cases, the Justice Department alleged that the Chinese government was using a hackers-for-hire system by paying private Chinese companies to hack and steal information in order to obscure government connections to the hacks.
The moves by the Justice Department come more than two months after Treasury Department officials told members of Congress that the agency's networks had been compromised by Chinese hackers obtaining a key used by a third-party vendor to provide the agency with remote technical support. The Treasury Department immediately began investigating and responding to the incident with the help of the Cybersecurity and Infrastructure Security Agency and other federal agencies.
Actions taken by the Trump administration on Wednesday also included the State Department offering a reward of up to $10 million for information leading to the identification and location of the individuals charged, as well as a separate reward of $2 million for information on Shuai and Yin.
In addition, the Treasury Department sanctioned Shuai and his group, the Shanghai Heiying Information Technology Company. Yin was previously sanctioned by the Treasury Department in January for his involvement in hacking the agency.
'To those victims who bravely came forward with evidence of intrusions, we thank you for standing tall and defending our democracy,' Bryan Vorndran, assistant director of the FBI's cyber division, said in a statement Wednesday. 'To those who choose to aid the CCP in its unlawful cyber activities, these charges should demonstrate that we will use all available tools to identify you, indict you, and expose your malicious activity for all the world to see.'
