US says China operating ‘hacker for hire’ network available for cyberattacks worldwide

Justice Department charges 12 Chinese contract hackers and law enforcement officials in global computer intrusion campaigns

Reading Time:5 minutes

The FBI says the target domain names and US Treasury Department intrusion have been tied to Yin KeCheng, a Chinese national. Photo: US Federal Bureau of Investigation

Khushboo Razdanin Washington,Igor PatrickandBochen Hanin Washington

Published: 1:19am, 6 Mar 2025Updated: 6:05am, 7 Mar 2025

Beijing was orchestrating a “hacker for hire” ecosystem – involving contract hackers, Chinese tech company employees and government officials – to carry out cyberattacks aimed at stealing data from organisations and governments worldwide, according to a senior US Justice Department official.

In a major effort to combat these cyber activities, the US Department of Justice announced the indictment on Wednesday of 12 Chinese nationals, including two officials from China’s Ministry of Public Security, employees from the private Chinese firm Anxun Information Technology Co Ltd – also known as i-Soon – and members of APT27, an alleged Beijing-backed hacking group.

The individuals face federal charges in New York and Washington.

Senior national security officials said the network had targeted several entities, including the US Treasury Department, which endured a significant breach in 2024.

“The indictments and other court documents allege that Chinese law enforcement and intelligence services exploit China’s reckless and indiscriminate hacker-for-hire ecosystem to suppress free speech and steal data from numerous organisations around the world, including the Treasury Department,” the official said in a background call with reporters.

The 2024 Treasury hack was not included in the indictments unsealed on Wednesday.