The US Justice Department, FBI, and other agencies have announced criminal charges against 12 Chinese nationals linked to large-scale hacking campaigns.
The accused include two officials from China’s Ministry of Public Security (MPS), employees of the Chinese technology firm Anxun Information Technology Co., Ltd. (also known as i-Soon), and members of the hacker group APT27.
According to court filings, the group ran an aggressive hacker-for-hire operation that attacked critics of the Chinese government, stole sensitive data, and targeted organizations across the globe — including US federal agencies, religious groups, and foreign governments.
Who Was Targeted?
The hacking campaigns, which ran from at least 2016 to 2024, targeted:
- US-based critics of China’s government
- A major religious group openly critical of Beijing
- US government agencies, including the Treasury Department
- News outlets that reported uncensored information about China
- Foreign ministries of countries including Taiwan, South Korea, India, and Indonesia
The hackers also infiltrated the New York State Assembly, targeting a representative who had contact with a banned religious group in China.
How the Hacker-for-Hire Operation Worked
The court documents describe a sophisticated network where Chinese government agencies hired private hackers to conduct cyberattacks.
In other cases, freelance hackers broke into systems, then sold the stolen data back to China’s security services.
Key points about the operation:
- Hackers exploited vulnerable computers worldwide
- Stolen data was sold to China’s Ministry of State Security (MSS) and Ministry of Public Security (MPS)
- Data was also sold to third parties, including other companies and government bodies in China
- Prices ranged from $10,000 to $75,000 for a single compromised email inbox
i-Soon’s Role in China’s Cyber Ecosystem
Anxun Information Technology Co., Ltd., or i-Soon, is accused of playing a central role in this hacking network.
The company marketed its services to government and private clients and made tens of millions of dollars in revenue.
According to US prosecutors, i-Soon:
- Trained Chinese government staff to conduct hacks themselves
- Offered a menu of hacking services to paying customers
- Carried out cyberattacks requested by the MSS and MPS
- Targeted both domestic and international organizations
Charges Unsealed in New York and Washington
In the Southern District of New York, a newly unsealed indictment charges:
- 8 employees of i-Soon, including its CEO and top technical staff
- 2 officers from China’s Ministry of Public Security
The defendants allegedly ran a broad hacking campaign from 2016 to 2023, compromising email accounts, websites, servers, and phones.
They reportedly used stolen data to support Chinese government repression efforts and espionage.
The US has seized i-Soon’s primary website used to promote its hacking services.
US. v. Yin Kecheng and Zhou Shuai
In a separate case filed in Washington, DC, two Chinese hackers — Yin Kecheng and Zhou Shuai — face charges for their role in hacking campaigns dating back to 2013. Both men are tied to APT27, a group known by several names, including:
- “Threat Group 3390”
- “Emissary Panda”
- “Silk Typhoon”
The two allegedly broke into US. companies, government networks, universities, and healthcare systems.
Once inside, they planted malware, stole data, and then sold it.
Some data went directly to the Chinese government; other data was sold to private buyers.
Hiring? Post jobs for free with WhatJobs
Rewards and Sanctions
The US State Department has offered:
- Up to $10 million for information leading to the capture of the 10 defendants in the New York case
- $2 million each for tips leading to the arrest of Yin Kecheng and Zhou Shuai
The US Treasury Department has also imposed sanctions on the hackers and the companies they used to support their cybercrimes.
Microsoft and Private Sector Involvement
Private cybersecurity firms, including Microsoft, Volexity, PwC, and Mandiant, played a key role in exposing these attacks. Microsoft has published updated research into Silk Typhoon’s hacking techniques, helping organizations worldwide defend against similar threats.
Need Career Advice? Get employment skills advice at all levels of your career
What This Means for Global Cybersecurity
The US government has made it clear that state-sponsored hacking will not go unchallenged. By exposing China’s hacker-for-hire industry, officials hope to disrupt future attacks and warn other nations about the risks posed by Beijing’s cyber operations.
With coordinated efforts between governments, private companies, and law enforcement, the goal is to dismantle China’s global hacking ecosystem and protect sensitive data from further exploitation.
