Beijing Leveraging Freelance Hackers and Information Security Companies to Compromise Computer Networks Worldwide

In a Public Service Announcement released on March 5, 2025, the Federal Bureau of Investigation (FBI) highlights the Chinese government's clandestine efforts to compromise computer networks worldwide. The alert reveals that Beijing has been using formal and informal connections with freelance hackers and information security companies to infiltrate victim networks and collect sensitive data for its intelligence services.

China's information security ecosystem thrives due to the government's strategic manipulation of cybersecurity firms. By tasking legitimate cybersecurity companies to provide expertise in unauthorized access, China's primary intelligence service, the Ministry of State Security (MSS), and its domestic police agency, the Ministry of Public Security (MPS), have created a lucrative black market for stolen data. This ecosystem not only fosters indiscriminate global cyber activity but also gives the Chinese government a layer of plausible deniability.

One key player in China's information security ecosystem is i-Soon Information Technology Co., Ltd., which has been working closely with at least 43 separate MSS or MPS bureaus in 31 provinces and municipalities across China. The company's employees, including eight indicted individuals, have sold stolen data to the MSS and MPS from a range of victims, including US-based critics of the Chinese government, Chinese dissidents, a US news organization, a large US-based religious organization, multiple governments in Asia, and US federal and state government agencies.

The stolen data, often obtained through i-Soon's activities as "Aquatic Panda," "Red Alpha," "Red Hotel," "Charcoal Typhoon," "Red Scylla," "Hassium," "Chromium," and "TAG-22," was used to suppress free speech and democratic processes worldwide, targeting groups deemed a threat to the Chinese government. Additionally, i-Soon sold platforms to MSS and MPS customers for their own hacking efforts.

Furthermore, two indictments have been unsealed in the District Court for the District of Columbia against freelance Chinese hackers Yin KeCheng and Zhou Shuai. Both individuals maintained ties to i-Soon and the Chinese government, operating in China's information security ecosystem since 2011. They enriched themselves by selling stolen US information to the Chinese government.

Yin KeCheng, known in Chinese hacking circles for his prolific targeting of US entities, had previously stated that he wanted to "mess with the American military" and "break into a big target." He hoped that the proceeds from selling stolen US data would be enough to purchase a car. On one occasion, Yin compromised sensitive data, which he turned over to Zhou, who partnered with an i-Soon employee to sell the stolen data.

The FBI has warned of the threat posed by groups associated with the government of China. If you suspect that you have been a victim of malicious cyber activity, it is essential to report the suspicious activity to the FBI's Internet Crime Complaint Center (IC3) at www.IC3.gov as quickly as possible.

Stay informed about the latest developments in this ongoing saga and protect yourself from cyber threats by staying vigilant and reporting any suspicious activity to the authorities. The FBI will continue to monitor and respond to these emerging threats, ensuring that victims receive the necessary support and protection.