SINGAPORE: Three men from Henan, China, came to Singapore for a job offer posed by a Ni-Vanuatu citizen and were later housed in a bungalow to perform hacking work into gambling websites and obtain illicit access to a Chinese SMS service company.
The men were later paid US$3 million (S$3.9 million) in cryptocurrency for their work.
A police raid of the Mount Sinai bungalow they were living in uncovered malware-related files on their devices, including remote access trojans (RATs) associated with plugX and a known hacking group, Shadow Brokers.
plugX is a sophisticated RAT associated with known advanced persistent threat or state-sponsored hacker groups, while the Shadow Brokers are a hacker group that has stolen and leaked tools and zero-day vulnerabilities from the United States’ National Security Agency.
The leaking of one such zero-day vulnerability enabled the subsequent WannaCry ransomware attacks from 2017 onwards.
While the hackers attempted to avoid government sites, one of their laptops contained messages discussing vulnerable domains, including five Australian, Argentine and Vietnamese government domains, while another contained a confidential email between officers of Kazakhstan’s Ministry of Foreign Affairs and Ministry of Industry and Infrastructure Development.
The three Chinese criminals are Yan Peijian, 39, Huang Qin Zheng, 36, and Liu Yuqi, 33.
On Wednesday (Nov 5), Yan and Huang were sentenced to 28 months and one week in prison, and Liu got 28 months and four weeks’ jail.
When a prison sentence is imposed that combines months with four weeks or more, CNA reports the sentences as spelt out by the court as months vary in length.
THE CASE
Yan had a background in information technology, previously running a business creating websites for companies, while Liu taught himself web design.
In 2022, there were bad economic prospects in China as a result of the COVID-19 pandemic.
The trio, who knew each other, knew a 38-year-old Ni-Vanuatu citizen called Xu Liangbiao.
He made an offer for them to come to Singapore to work for him, and they agreed to it.
Xu arranged for false applications for work permits to be made for the trio through companies that they did not know about. Yan was to be a sales representative, and Huang and Liu were to be construction workers.
They entered Singapore on fraudulently obtained work permits, which they did not know at the time were false, as they assumed Xu would handle their administrative requirements.
In early September 2022, the trio came to Singapore and were taken to the premises of their supposed employers and briefed on the business for the purpose of being able to provide a cover story if they were ever asked about their employment.
They never worked at those companies. Instead, between September 2022 and May 2023, they were put up in accommodation at Xu’s expense and did no work.
They returned to China for Chinese New Year in 2023 and returned to Singapore in May 2023.
This time, Xu asked them to work for him. He later tasked his subordinate Chen Yiren to rent a property to house the trio. Chen arranged for a bungalow in the Mount Sinai area to be rented for them, and the trio moved in.
Chen took charge of the logistics, including arranging for rental payments of S$33,000 in cash and getting moonlighting foreign workers to cook and clean at the home.
Through Chen, Xu also gave the trio money for day-to-day expenses, such as a sum of about S$52,000 seized from Yan during his arrest.
The trio were paid about S$2,000 in monthly salaries from early 2024 to maintain their false employment front.
.jpg?itok=WCpRnQzi "Pritam Singh’s appeal on Nov 4: A look back at how he was found guilty of lying to a parliamentary committee")
