The US Justice Department has indicted Chinese state security officers and hackers from APT27 and i-Soon for widespread cyberattacks targeting global victims since 2011. This sophisticated campaign involved breaches of US federal and state government agencies, foreign ministries, dissidents, and a major US religious organization.
The Justice Department stated, “These malicious cyber actors, acting as freelancers or as employees of i-Soon, conducted computer intrusions at the direction of the PRC’s MPS and Ministry of State Security (MSS) and on their own initiative. The MPS and MSS paid handsomely for stolen data.”
Two MPS officers and eight i-Soon employees face charges. The DOJ also seized the i-Soon domain used to advertise its “hack-for-hire” services. A significant reward is offered: the State Department’s Rewards for Justice (RFJ) program is offering up to $10 million for information leading to the apprehension of the following individuals:
- Wu Haibo (吴海波), CEO
- Chen Cheng (陈诚), COO
- Wang Zhe (王哲), Sales Director
- Liang Guodong (梁国栋), Technical Staff
- Ma Li (马丽), Technical Staff
- Wang Yan (王堰), Technical Staff
- Xu Liang (徐梁), Technical Staff
- Zhou Weiwei (周伟伟), Technical Staff
- Wang Liyu (王立宇), MPS Officer
- Sheng Jing (盛晶), MPS Officer
Indictments reveal i-Soon conducted intrusions at the MSS’s behest, independently hacked targets, and attempted to sell stolen data to numerous MSS/MPS bureaus. Their pricing ranged from $10,000 to $75,000 per compromised inbox.
Reward for information on i-Soon hackers (US State Department)
They also provided training to MPS employees. This highlights the concerning intersection of state-sponsored actors and commercially motivated cybercrime.
Additionally, Yin Kecheng (YKCAI) and Zhou Shuai (Coldface), linked to APT27, were charged for their roles in this global hacking campaign. The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned them, and the State Department announced rewards of up to $2 million for information leading to their arrests and convictions.
The DOJ detailed their methods: “As alleged in court documents, between August 2013 and December 2024, Yin, Zhou, and their co-conspirators exploited vulnerabilities in victim networks, conducted reconnaissance once inside those networks, and installed malware, such as PlugX malware, that provided persistent access.”
They then stole data, brokered its sale, and provided it to various customers, some with ties to the PRC government and military. This underscores the critical need for robust cybersecurity measures, especially in light of the increasing sophistication of these attacks.
These indictments and sanctions represent a significant step in combating Chinese cyberattacks. Previous actions include OFAC sanctions against Sichuan Silence and Integrity Tech for their roles in ransomware attacks and cyberattacks linked to the Flax Typhoon hacking group.