Chinese espionage in the United States

Fixed a link and changed the text to match the link.

← Previous revision Revision as of 09:19, 8 July 2025
Line 91: Line 91:


==== APT 27 ====
==== APT 27 ====
In March 2025, the U.S. Department of Justice unsealed two indictments against Chinese nationals Yin Kecheng (尹可成), also known as “YKC” or “YIN,” and Zhou Shuai (周帅), known as “Coldface” or “ZHOU,” for their roles in a years-long cyber intrusion campaign attributed to the advanced persistent threat group APT27, also known as “Emissary Panda,” “Bronze Union,” and “Silk Typhoon.” The indictments allege that the defendants conducted sophisticated computer intrusions targeting U.S.-based defense contractors, technology firms, government agencies, and other institutions for financial gain. Both individuals are said to have ties to the Chinese government, specifically the [[Ministry of Public Security (China)|Ministry of Public Security]] (MPS) and the [[Ministry of State Security (China)|Ministry of State Security]] (MSS), which allegedly directed or supported the hackers' activities.<ref name=":1">{{Cite web |date=2025-03-05 |title=District of Columbia {{!}} Chinese Nationals with Ties to the PRC Government and “APT27” Charged in a Computer Hacking Campaign for Profit, Targeting Numerous U.S. Companies, Institutions, and Municipalities {{!}} United States Department of Justice |url=https://www.justice.gov/usao-dc/pr/chinese-nationals-ties-prc-government-and-apt27-charged-computer-hacking-campaign-profit |access-date=2025-07-08 |website=www.justice.gov |language=en}}</ref><ref name=":2">{{Cite web |last=Kaaviya |date=2025-03-13 |title=US Charges 12 Chinese Hackers For Hacking National Security Infrastructure |url=https://cybersecuritynews.com/us-charges-12-chinese-hackers/ |access-date=2025-07-08 |website=Cyber Security News |language=en-US}}</ref>
In March 2025, the [[United States Department of Justice]] unsealed two indictments against Chinese nationals Yin Kecheng (尹可成), also known as “YKC” or “YIN,” and Zhou Shuai (周帅), known as “Coldface” or “ZHOU,” for their roles in a years-long cyber intrusion campaign attributed to the advanced persistent threat group APT27, also known as “Emissary Panda,” “Bronze Union,” and “Silk Typhoon.” The indictments allege that the defendants conducted sophisticated computer intrusions targeting U.S.-based defense contractors, technology firms, government agencies, and other institutions for financial gain. Both individuals are said to have ties to the Chinese government, specifically the [[Ministry of Public Security (China)|Ministry of Public Security]] (MPS) and the [[Ministry of State Security (China)|Ministry of State Security]] (MSS), which allegedly directed or supported the hackers' activities.<ref name=":1">{{Cite web |date=2025-03-05 |title=District of Columbia {{!}} Chinese Nationals with Ties to the PRC Government and “APT27” Charged in a Computer Hacking Campaign for Profit, Targeting Numerous U.S. Companies, Institutions, and Municipalities {{!}} United States Department of Justice |url=https://www.justice.gov/usao-dc/pr/chinese-nationals-ties-prc-government-and-apt27-charged-computer-hacking-campaign-profit |access-date=2025-07-08 |website=www.justice.gov |language=en}}</ref><ref name=":2">{{Cite web |last=Kaaviya |date=2025-03-13 |title=US Charges 12 Chinese Hackers For Hacking National Security Infrastructure |url=https://cybersecuritynews.com/us-charges-12-chinese-hackers/ |access-date=2025-07-08 |website=Cyber Security News |language=en-US}}</ref>


The criminal conduct spans from at least 2011 to 2024 and includes charges such as conspiracy, wire fraud, aggravated identity theft, money laundering, and violations of the [[Computer Fraud and Abuse Act]] (CFAA). According to U.S. authorities, Yin and Zhou gained unauthorized access to victim networks by exploiting vulnerabilities, installing persistent malware, and exfiltrating sensitive data. Zhou allegedly brokered stolen data and access to compromised networks to third parties, some of whom were connected to the PRC government or military. The scheme also involved the use of [[Virtual private server|virtual private servers]] (VPS) and internet domains to mask operations and facilitate data theft.<ref name=":1" />
The criminal conduct spans from at least 2011 to 2024 and includes charges such as conspiracy, wire fraud, aggravated identity theft, money laundering, and violations of the [[Computer Fraud and Abuse Act]] (CFAA). According to U.S. authorities, Yin and Zhou gained unauthorized access to victim networks by exploiting vulnerabilities, installing persistent malware, and exfiltrating sensitive data. Zhou allegedly brokered stolen data and access to compromised networks to third parties, some of whom were connected to the PRC government or military. The scheme also involved the use of [[Virtual private server|virtual private servers]] (VPS) and internet domains to mask operations and facilitate data theft.<ref name=":1" />
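
Review bot: In the first sentence of the APT 27 paragraph, the new full-title link "[[United States Department of Justice]]" leaves the section mixing "United States" with the abbreviated "U.S.-based" and "U.S. authorities" used later in the same two paragraphs. A piped link, [[United States Department of Justice|U.S. Department of Justice]], would add the link while keeping the displayed wording consistent. The old side shows plain text with no link at all, so the edit summary would be more accurate as "added a link" than "fixed a link".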