Chinese Hackers Detained in Singapore for Possessing Foreign Government Data -

Post Views: 118

Chinese Hackers Detained in Singapore for Possessing Foreign Government Data

After being discovered running a sophisticated hacking operation from a rented villa, three Chinese nationals who entered Singapore using false work licenses were given prison sentences. According to investigations, the three were involved in a bigger network of cryptocurrency-funded cybercrime and had access to private information from other countries.

A Fake Job Offer That Becomes a Cybercrime Base

The three prisoners, Yan Peijian (39), Huang Qin Zheng (36), and Liu Yuqi (33), were from the province of Henan in China. Xu Liangbiao, a Ni-Vanuatu national who set up fictitious work permits through shell corporations, enticed them to Singapore under the pretense of employment.

Huang and Liu were classified as “construction workers,” and Yan was identified as a “sales representative.”

After arriving in Singapore, they lived in a bungalow near Mount Sinai, which served as the headquarters for Xu’s illicit hacking activities. The three never did any real work for the businesses they were purportedly hired for.

Cyber Operations and a $3 Million Payout

Xu gave the men instructions to hack into gambling websites and Yi Mei, a Chinese SMS service company that catered to two significant gaming platforms. The objective was to divert customers to Xu’s own betting websites, steal personal information, and get beyond two-factor authentication methods.

The hackers were allegedly paid US$3 million (S$3.9 million) in bitcoin for their work; this sum was subsequently discovered to have been transferred to Liu and distributed among the group.

Malware Associated with International Hacker Groups Found During a Police Raid

On September 9, 2024, Singapore police raided the Mount Sinai residence. They discovered remote access trojans (RATs) and malware linked to plugX and Shadow Brokers, a notorious hacker collective that had previously leaked cyber tools stolen from the U.S. National Security Agency (NSA).

The plugX malware has been tied to state-sponsored advanced persistent threat (APT) groups. One such exploit was later connected to the WannaCry ransomware attacks of 2017.

Investigators also found a confidential email between Kazakhstan’s Ministry of Foreign Affairs and its Ministry of Industry, along with discussions on vulnerabilities in Australian, Argentine, and Vietnamese government domains.

Court Sentences and Prosecutor’s Remarks

Liu received a term of 28 months and four weeks in prison, while Yan and Huang received sentences of 28 months and one week.

Prosecutors contended that even though Singapore was not their primary target, the nation’s reputation suffered greatly since it served as the hub for their cyber activities.

Hon. Yi, the deputy public prosecutor, informed the court:

“Even if these individuals were merely foot soldiers, they possessed the technical expertise that powered Xu’s network. Their activities, conducted from Singapore, have tainted the nation’s image as a secure and trusted hub.”

He pointed out that the organization was well-funded; the hackers were given all the tools they needed to launch their attacks, lived in luxury without paying rent, and were paid consistently.

Defense: “Epic Failures at Hacking”

Defense attorneys argued that the men’s attempts were mostly unsuccessful and that they were not proficient hackers.

Lawyer Lee Teck Leng contended:

“They were essentially amateurs — the three main hackers who couldn’t hack. Their efforts resulted in no tangible data breaches.”

The presiding judge disagreed, pointing out that trying to compromise computers is a cybercrime regardless of whether it is successful.

“Hacking is defined by the illegal attempt itself, not by success,” she stated.

Xu’s Whereabouts Unknown

The mastermind, Xu Liangbiao, left Singapore in August 2023, right before ten people were arrested in the nation’s billion-dollar money laundering investigation, according to police confirmation. We don’t know where he is right now.

Numerous gadgets, servers, and cryptocurrency wallets connected to the three were confiscated by the authorities. Their interactions with other hackers, such as Sun Jiao, who was purportedly creating specialized hacking software for them, were also exposed by the probe.

A Warning for Singapore’s Cybersecurity Landscape

The group’s actions highlight the transnational aspect of contemporary cybercrime, even if they refrained from attacking the Singaporean government or local websites.

The example demonstrates how international hacker networks take advantage of cross-border digital infrastructure, converting even highly secure countries into unintentional targets for cyberattacks.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.