Sanctions on China-Based Hacker and Data Broker

The Department of Justice today unsealed indictments charging eight employees of i-Soon, a Chinese technology company, and two officers of China's Ministry of Public Security (MPS) with a variety of hacking-related offenses. This move marks a significant escalation in the US government's efforts to combat malicious cyber activity emanating from China.

The indictments target Zhou Shuai, a Shanghai-based malicious cyber actor and data broker, as well as his company, Shanghai Heiying Information Technology Company Limited (Shanghai Heiying). The US government alleges that Shuai illegally acquired, brokered, and sold sensitive data from highly critical infrastructure networks in the defense industrial base, communications, health, and government sectors.

The Department of State is also offering reward offers under the Transnational Organized Crime Rewards Program (TOCRP) of up to $2 million each for information leading to the arrests and/or convictions of Shuai and another suspect, Yin Kecheng. The Diplomatic Security Service's Rewards for Justice Program (RFJ) is also offering a total of up to $10 million for information on i-Soon, its employees, and the MPS officers engaged in malicious cyber activities highlighted in the Department of Justice's indictments.

The US government claims that China offers safe harbor for private sector companies conducting malicious cyber activity against the United States and its partners. The Chinese Communist Party also appears to contract these actors with varying degrees of control and effectiveness, highlighting a persistent threat to U.S. national security.

"Today's multi-agency effort reflects our whole-of-government approach to protecting and defending against China-based cyber threats to Americans, their sensitive personal data, and our critical systems," said Tammy Bruce, Department Spokesperson. "President Trump is committed to protecting the American people and U.S. critical infrastructure from these pervasive threats, and we will resolutely use all the tools at our disposal to do so."

The Department of the Treasury sanctions actions were taken pursuant to Executive Order (E.O.) 13694, as amended. The sanctions target Shuai and his company, Shanghai Heiying Information Technology Company Limited.

For more information on this development, please see the following press releases from the Department of Justice, the Department of State, and the Treasury Department.

Press Releases:

  • The Department of Justice's press release: [insert link]
  • The Department of State's press release: [insert link]
  • The Treasury Department's press release: [insert link]