The United States Department of Justice (DOJ) has taken action against a major cyber threat, unsealing indictments against 12 Chinese nationals, including two officers from China’s Ministry of Public Security (MPS) and several employees of the Chinese technology firm i-Soon.
This move is part of a coordinated effort to stop global cybercrime and protect critical U.S. infrastructure from foreign attacks.
Crackdown on Cybercrime
On Wednesday, the DOJ announced charges against Zhou Shuai, Yin Kecheng, and eight employees of i-Soon, a company allegedly engaged in a cyberattack. According to the U.S. government, these individuals participated in a hacking campaign targeting key sectors such as defense, healthcare, communications, and government agencies.
Alongside the indictments, the U.S. government also imposed sanctions on Zhou Shuai and his company, Shanghai Heiying Information Technology Company. Zhou is accused of illegally obtaining and selling sensitive data from U.S. infrastructure networks. The Department of State’s spokesperson, Tammy Bruce, emphasized that Zhou’s actions risked national security and violated international norms regarding cyber activities.
Hacker-for-Hire Operations Exposed
The indictments shed light on China’s extensive hacker-for-hire ecosystem, which allegedly operates under the direction of the Ministry of Public Security (MPS) and the Ministry of State Security (MSS). The DOJ, Federal Bureau of Investigation (FBI), Naval Criminal Investigative Service (NCIS), and Departments of State and Treasury collaborated to expose these cyber operations.
According to court documents, the accused hackers engaged in cyber intrusions for profit, either independently or at the behest of Chinese intelligence agencies. Their targets included U.S. critics of the Chinese Communist Party (CCP), a religious organization in the U.S., foreign ministries of Asian governments, and multiple American federal and state agencies, including the U.S. Department of the Treasury.
Assistant Director Bryan Vorndran of the FBI’s Cyber Division stated, “The FBI is committed to protecting Americans from foreign cyber-attacks. Today’s announcements reveal that the Chinese Ministry of Public Security has been paying hackers-for-hire to inflict digital harm on Americans who criticize the Chinese Communist Party.”
The Scope of Cyber Intrusions
The DOJ’s investigation revealed an extensive network of private companies and contractors in China engaged in state-sponsored hacking. These entities worked to obscure the PRC government’s involvement while conducting cyber intrusions, stealing information, and selling it for profit. The hackers often targeted victims indiscriminately, leading to widespread vulnerabilities and potential threats to global cybersecurity.
The stolen data was either handed over to Chinese government agencies or sold to third parties, exacerbating security risks. This reckless approach not only violated privacy rights but also left countless systems vulnerable to future attacks.
Indictments and Arrest Warrants
In the Southern District of New York, federal courts unsealed indictments against eight i-Soon employees and two MPS officers for conducting cyberattacks from 2016 to 2023. The DOJ also seized i-Soon’s primary internet domain, disrupting the company’s operations.
Acting U.S. Attorney Matthew Podolsky for the Southern District of New York highlighted the severity of the charges, stating, “For years, these 10 defendants—including two PRC officials—used sophisticated hacking techniques to target religious organizations, journalists, and government agencies. These charges will help stop these state-sponsored hackers and protect our national security.”
The FBI has issued arrest warrants for the indicted individuals, who remain at large. In a parallel move, the U.S. Department of State’s Rewards for Justice (RFJ) program has announced a reward of up to $10 million for information leading to the identification or location of individuals engaged in malicious cyber activities on behalf of a foreign government.
The ten wanted individuals include:
- Wu Haibo (CEO of i-Soon)
- Chen Cheng (COO of i-Soon)
- Wang Zhe (Sales Director)
- Liang Guodong, Ma Li, Wang Yan, Xu Liang, Zhou Weiwei (Technical Staff)
- Wang Liyu, Sheng Jing (MPS Officers)
The defendants are accused of generating millions in revenue through their hacking services. i-Soon allegedly charged between $10,000 and $75,000 per successfully exploited email account and trained Chinese government officials in cyber intrusion techniques.
Targeted Organizations and Global Impact
The indictment reveals that i-Soon targeted various organizations critical of the Chinese government. These included:
- A large U.S.-based religious organization previously active in China
- U.S. news outlets critical of the CCP
- The New York State Assembly
- Human rights and religious freedom organizations
- Foreign ministries in Taiwan, India, South Korea, and Indonesia
- A Hong Kong-based newspaper opposing the Chinese government
These attacks not only affected the United States but also had a significant global impact, raising concerns among international allies about China’s cyber operations.
Actions Against APT27 Group
In a separate indictment unsealed in the District of Columbia, Yin Kecheng and Zhou Shuai were charged for their involvement in a decade-long hacking campaign linked to the cyber threat group Advanced Persistent Threat 27 (APT27). The FBI has issued wanted posters for both individuals, who remain in China.
The U.S. Department of State’s Bureau of International Narcotics and Law Enforcement Affairs has announced a $2 million reward for information leading to their arrests.
Interim U.S. Attorney Edward R. Martin Jr. for the District of Columbia remarked, “These indictments show our commitment to holding Chinese hackers accountable. The defendants have been hacking for the Chinese government for years, and we demand that the PRC stop protecting these cybercriminals.”
As cyber threats continue to evolve, experts believe that governments worldwide must take proactive steps to address vulnerabilities and hold malicious actors accountable. The latest indictments mark a major step in the fight against state-sponsored cybercrime, sending a clear message that the U.S. will not tolerate foreign-backed hacking operations.