The U.S. DoJ Charges 12 Chinese Nationals for State-Linked Cyber Operations
The U.S. Department of Justice (DoJ) has charged 12 Chinese nationals, including PRC security officers, employees of the hacking firm i-Soon, and members of the APT27 group (aka Emissary Panda, TG-3390, Bronze Union, and Lucky Mouse), for their alleged involvement in state-linked cyber operations.
According to a press release published by the DoJ, Chinese threat actors, working for i-Soon or freelancing, hacked targets worldwide under PRC orders, including U.S. critics, Asian governments, and the U.S. Treasury in late 2024. The PRC's Ministry of Public Security (MPS) and Ministry of State Security (MSS) used private firms and private hackers to obscure state involvement in cyber theft.
These threat actors exploited vulnerable systems for profit, selling stolen data to the PRC government or third parties. This broad hacking approach led to more global intrusions and exposed systems to future attacks.
The Indictment
A federal court in Manhattan unsealed an indictment against eight i-Soon employees and two MPS officers for hacking email accounts, phones, servers, and websites from 2016 to 2023. The U.S. also seized i-Soon's primary domain.
Acting U.S. Attorney Matthew Podolsky condemned the China-backed cyber activities targeting religious groups, journalists, and government agencies.
The Rewards for Justice Program
The FBI is seeking the defendants, and the State Department's Rewards for Justice program offers up to $10 million for information on individuals conducting state-sponsored cyberattacks against U.S. infrastructure.
U.S. authorities are offering a reward for the following individuals:
“Additionally, the United States imposed sanctions on the Shanghai-based malicious cyber actor and data broker, Zhou Shuai, and his company, Shanghai Heiying Information Technology Company. Zhou Shuai illegally acquired, brokered, and sold data from highly sensitive U.S. critical infrastructure networks, including in the defense industrial base, communications, health, and government sectors.”
The Department of State also announced reward offers under the Transnational Organized Crime Rewards Program (TOCRP) of up to $2 million each for information leading to the arrests and/or convictions of Zhou Shuai and Yin Kecheng.
The Charges Against i-Soon Employees
HAIBO, 43; CHENG, 40; GUODONG, 32; LI, 31; YAN, 35; ZHE, 44; WEIWEI, 37; LIANG, 28; LIYU, 36; and JING, 36, all nationals of China, are charged with conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison, and conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison.
The maximum potential sentences are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendants will be determined by a judge.