Close Menu

    Stay Ahead with Exclusive Updates!

    Enter your email below and be the first to know what’s happening in the ever-evolving world of technology!

    What's Hot

    The API That Powered GIFs Across Every App You Use Just Disappeared. Here Is the Scramble It Left Behind and What Fills the Gap

    July 16, 2026

    Japan Is Running Out of Workers and Has Decided Robots Are the Only Realistic Answer. The Plan to Deploy 10 Million of Them by 2040 Is the Most Ambitious Industrial Policy Any Country Has Announced This Decade

    July 16, 2026

    Google Just Launched Gemini Omni Flash and It Can Create and Edit Video in Real Time. Here Is What That Changes About AI Video Tools

    July 16, 2026
    Facebook X (Twitter) Instagram
    Facebook X (Twitter)
    PhronewsPhronews
    • Home
    • Big Tech & Startups

      The API That Powered GIFs Across Every App You Use Just Disappeared. Here Is the Scramble It Left Behind and What Fills the Gap

      July 16, 2026

      China Just Ordered ByteDance and Alibaba to Shut Down Personalized AI Companion Features by July 15. The Regulation Behind the Ban Is the Most Restrictive AI Law Any Government Has Passed This Year.

      July 15, 2026

      Gemini 3.5 Pro Missed Its June Deadline and Is Now Pointing to July. For Google’s Most Anticipated Model of the Year, Every Week of Delay Has a Cost.

      July 15, 2026

      Meta Is Planning to Sell Its Excess AI Compute to Outside Customers. The Company That Was Rationed Gemini Access by Google Just Positioned Itself to Become a Cloud Provider.

      July 15, 2026

      Tesla Just Launched Its Robotaxi in Miami with No Safety Monitor Inside the Car

      July 14, 2026
    • Crypto

      Market Collapse: What Happened to NFTs?

      April 23, 2026

      Quantum Computing Advances Force Coinbase and Institutional Custodians to Rethink Crypto Security

      March 8, 2026

      AI Assisted Hacking Groups Target Crypto Firms With Multi-Layered Social Engineering

      February 18, 2026

      Global Crypto Regulations Expand as 2026 Begins With New Data Collection Frameworks and National Laws

      January 16, 2026

      Coinbase Bets on Stablecoin and On-Chain Growth as Key Market Drivers in 2026 Strategy

      January 10, 2026
    • Gadgets & Smart Tech
      Featured

      Tesla Just Launched Its Robotaxi in Miami with No Safety Monitor Inside the Car

      By preciousJuly 14, 2026
      Recent

      Tesla Just Launched Its Robotaxi in Miami with No Safety Monitor Inside the Car

      July 14, 2026

      Google’s New Smart Speaker Has Gemini Built In and Works With Everything. Here Is Whether It Is Finally Worth Switching From Amazon Echo or Apple HomePod

      July 4, 2026

      Tesla Is Teaching Its Self-Driving AI With Millions of Fake Crashes. Here Is Why That Might Make Real Roads Safer

      June 30, 2026
    • Cybersecurity & Online Safety

      Hackers Stole 630GB of Apple and Tesla Manufacturing Secrets from Tata Electronics. The Breach Confirms Everything Supply Chain Security Experts Have Warned About for Years.

      July 9, 2026

      Apple Just Pushed an Unscheduled Security Update Because AI-Powered Attacks Are Moving Faster Than Its Normal Patch Cycle Can Handle

      July 6, 2026

      Buying World Cup Tickets Online? Scammers Are Already Waiting. Here Is How to Protect Yourself for the Rest of the Tournament.

      July 4, 2026

      Researchers Found an Attack Spreading Through GitHub Like a Parasite. They Named It Cordyceps and It Is Already in 300+ Repositories

      July 4, 2026

      AI Is Now Writing Phishing Emails Good Enough to Fool Your Best Employees. Here Is How to Spot Them

      July 4, 2026
    PhronewsPhronews
    Home»Cybersecurity & Online Safety»DOJ Indicts 12 Chinese Hackers In US Treasury Cyberattack
    Cybersecurity & Online Safety

    DOJ Indicts 12 Chinese Hackers In US Treasury Cyberattack

    preciousBy preciousMarch 11, 2025Updated:June 12, 2025No Comments
    Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email

    The U.S. Department of Justice has indicted 12 Chinese-backed hackers who initiated several cyberattacks against large corporations in the country, including the U.S. Treasury Cyberattack.

    The Treasury cyberattack was announced via a letter from the DOJ, confirming there was unauthorized access to unclassified documents in the U.S. Treasury Departmental Offices. 

    The cyberattack was as a result of the exploitation of two pairs of vulnerabilities (CVE-2024-12356 and CVE-2024-12686) in a third-party software provided by BeyondTrust, a third-party SaaS (Software-as-a-Service) and a Cybersecurity firm, offering services including but not limited to Identity Security Platform, Privileged Access Management (PAM), and Remote Access Technology.

    “On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users,” the letter says.

    The letter then adds that “with access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”

    In a culminating effort of national agencies CISA (Cybersecurity and Infrastructure Security Agency) and FBI (Federal Bureau of Investigation), the cyberattack was alleged to be sponsored by the government of the PRC (People Republic of China), and was dubbed APT27. 

    “The incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter further explains.

    As a result of the wide range of cyberattacks carried out by this threat actor between 2013 and 2024, and according to the DOJ indictment, APT27 has been given several nicknames by many private sector security researchers: “Threat Group 3390,” “Bronze Union,” “Emissary Panda,” “Lucky Mouse,” “Iron Tiger,” “UTA0178,” “UNC 5221,” and “Silk Typhoon.”

    In the press release announcing the indictment of 12 Chinese nationals – 2 officers of the PRC’s Ministry of Public Security (MPS), 2 Chinese nationals at the helm of APT27, and 8 employees of a PRC private company Anxun Information Technology Co. Ltd. (aka i-Soon) – the names of APT27’s  threat actors were said to be Yin Kecheng and Zhou Shuai. 

    Yin and Zhou are Chinese nationals who allegedly launched cyberattacks against U.S. large corporations – for example, Microsoft – on behalf of the Chinese government.

    The cyberattacks carried out by these two dates back to 2013. Before the recent Treasury cyberattack in December 2024, they were reported to have “exploited vulnerabilities in victim networks, conducted reconnaissance once inside those networks, and installed malware, such as PlugX malware, that provided persistent access,” according to the indictment.

    “The defendants (Yin and Zhou) and their co-conspirators then identified and stole data from the compromised networks by exfiltrating it to servers under their control,” adds the press release announcing the charges.

    “Next, they brokered stolen data for sale and provided it to various customers, only some of whom had connections to the PRC government and military. For example, Zhou sold data stolen by Yin through i-Soon, whose primary customers, as noted above, were PRC government agencies, including the MSS and the MPS.”

    Due to the large scale of these cyberattacks, Kecheng and Shuai have been placed on a wanted list with a bounty offered to anyone who provides information on their whereabouts. 
    “The Department of State’s Bureau of International Narcotics and Law Enforcement Affairs is announcing two reward offers under the Transnational Organized Crime Rewards Program (TOCRP) of up to $2 million each for information leading to the arrests and convictions, in any country, of malicious cyber actors Yin Kecheng and Zhou Shuai, both Chinese nationals residing in China.”

    Anxun Information Technology APT27 BeyondTrust vulnerabilities Bronze Union China cyber espionage Chinese state-sponsored hacking Chinese-backed hackers CISA CVE-2024-12356 CVE-2024-12686 cyber intelligence cyberattack attribution cyberattack indictment cybercrime rewards cybersecurity breach cybersecurity vulnerability exploitation data exfiltration DOJ indictment Emissary Panda espionage data theft FBI cyber investigation federal charges against hackers government-sponsored cyber threat i-Soon international cyber law Iron Tiger Lucky Mouse malicious cyber actors Microsoft cyberattack PlugX malware PRC government cyber operations PRC Ministry of Public Security Silk Typhoon Threat Group 3390 transnational organized crime US Treasury cyberattack Yin Kecheng Zhou Shuai
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Telegram Email
    precious
    • LinkedIn

    I’m Precious Amusat, Phronews’ Content Writer. I conduct in-depth research and write on the latest developments in the tech industry, including trends in big tech, startups, cybersecurity, artificial intelligence and their global impacts. When I’m off the clock, you’ll find me cheering on women’s footy, curled up with a romance novel, or binge-watching crime thrillers.

    Related Posts

    Hackers Stole 630GB of Apple and Tesla Manufacturing Secrets from Tata Electronics. The Breach Confirms Everything Supply Chain Security Experts Have Warned About for Years.

    July 9, 2026

    Apple Just Pushed an Unscheduled Security Update Because AI-Powered Attacks Are Moving Faster Than Its Normal Patch Cycle Can Handle

    July 6, 2026

    Buying World Cup Tickets Online? Scammers Are Already Waiting. Here Is How to Protect Yourself for the Rest of the Tournament.

    July 4, 2026

    Comments are closed.

    Top Posts

    Coinbase responds to hack: customer impact and official statement

    May 22, 2025

    Anthropic Will Use Claude User Chats For Data Training

    October 16, 2025

    Cursor AI Hits 1 Million Daily Users. Why Developers Are Switching to This Coding Tool

    March 23, 2026

    MIT Study Reveals ChatGPT Impairs Brain Activity & Thinking

    June 29, 2025
    Don't Miss
    Big Tech & Startups

    The API That Powered GIFs Across Every App You Use Just Disappeared. Here Is the Scramble It Left Behind and What Fills the Gap

    By fariehanJuly 16, 2026

    Tenor’s API shutdown marks the end of an internet service millions relied on without realizing…

    Japan Is Running Out of Workers and Has Decided Robots Are the Only Realistic Answer. The Plan to Deploy 10 Million of Them by 2040 Is the Most Ambitious Industrial Policy Any Country Has Announced This Decade

    July 16, 2026

    Google Just Launched Gemini Omni Flash and It Can Create and Edit Video in Real Time. Here Is What That Changes About AI Video Tools

    July 16, 2026

    China Just Ordered ByteDance and Alibaba to Shut Down Personalized AI Companion Features by July 15. The Regulation Behind the Ban Is the Most Restrictive AI Law Any Government Has Passed This Year.

    July 15, 2026
    Stay In Touch
    • Facebook
    • Twitter
    About Us
    About Us

    Evolving from Phronesis News, Phronews brings deep insight and smart analysis to the world of technology. Stay informed, stay ahead, and navigate tech with wisdom.
    We're accepting new partnerships right now.

    Email Us: info@phronews.com

    Facebook X (Twitter) Pinterest YouTube
    Our Picks
    Most Popular

    Coinbase responds to hack: customer impact and official statement

    May 22, 2025

    Anthropic Will Use Claude User Chats For Data Training

    October 16, 2025

    Cursor AI Hits 1 Million Daily Users. Why Developers Are Switching to This Coding Tool

    March 23, 2026
    © 2025. Phronews.
    • Home
    • About Us
    • Get In Touch
    • Privacy Policy
    • Terms and Conditions

    Type above and press Enter to search. Press Esc to cancel.