US charges 12 Chinese contract hackers in computer intrusion campaigns

The US Department of Justice on Wednesday (local time) unsealed indictments charging Zhou Shuai and Yin Kecheng, eight employees of Chinese technology company i-Soon and two officers of Chinese Ministry of Public Security (MPS) on various hacking-related offenses.

Furthermore, the US imposed sanctions on the Shanghai-based malicious cyber actor and data broker, Zhou Shuai, and his company, Shanghai Heiying Information Technology Company. According to the US Department of State spokesperson Tammy Bruce's statement, Zhou Shuai illegally acquired, brokered, and sold data from highly sensitive US critical infrastructure networks, including those in the defense industrial base, communications, health, and government sectors.

The US Department of State announced reward offers under the Transnational Organized Crime Rewards Program (TOCRP) of up to $2 million each for information leading to the arrests and/or convictions of Zhou Shuai and Yin Kecheng, according to the statement.

In a press release, the US Department of Justice stated, "These malicious cyber actors, acting as freelancers or as employees of i-Soon, conducted computer intrusions at the direction of the PRC's MPS and Ministry of State Security (MSS) and on their own initiative. The MPS and MSS paid handsomely for stolen data. Victims include U.S.-based critics and dissidents of the PRC, a large religious organization in the United States, the foreign ministries of multiple governments in Asia, and US federal and state government agencies, including the U.S. Department of the Treasury (Treasury) in late 2024."

In addition, Diplomatic Security Service's Rewards for Justice Program (RFJ) is offering up to USD 10 million for information on i-Soon, its employees, and the MPS officers engaged in malicious cyber activities highlighted in the Department of Justice's indictments.

In a press release, Tammy Bruce stated, "As evidenced by today's, and previous announcements, China offers safe harbor for private sector companies that conduct malicious cyber activity against the United States and its partners. The Chinese Communist Party also appears to contract them with varying degrees of control and effectiveness. China-backed malicious cyber actors continue to be one of the greatest and most persistent threats to US national security."

"Today's multi-agency effort reflects our whole-of-government approach to protecting and defending against China-based cyber threats to Americans, their sensitive personal data, and our critical systems. President Trump is committed to protecting the American people and US critical infrastructure from these pervasive threats, and we will resolutely use all the tools at our disposal to do so," he added.

Sue J Bai, head of the Justice Department's National Security Division, said, "The Department of Justice will relentlessly pursue those who threaten our cybersecurity by stealing from our government and our people. Today, we are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed. We will continue to fight to dismantle this ecosystem of cyber mercenaries and protect our national security."

Assistant Director Bryan Vorndran of the FBI's Cyber Division expressed the FBI's commitment to protecting people of the US from foreign cyber attacks.

"Today's announcements reveal that the Chinese Ministry of Public Security has been paying hackers-for-hire to inflict digital harm on Americans who criticize the Chinese Communist Party (CCP). To those victims who bravely came forward with evidence of intrusions, we thank you for standing tall and defending our democracy. And to those who choose to aid the CCP in its unlawful cyber activities, these charges should demonstrate that we will use all available tools to identify you, indict you, and expose your malicious activity for all the world to see," Bryan Vorndran stated.