The Department of Justice has announced the indictment of 12 Chinese nationals, including two government officials, for their involvement in a widespread hacking operation that targeted US government agencies, dissidents, and international organizations.
Some shit you should know before you read: If you’re unaware, the Chinese government uses a network of state-backed hackers and cyber mercenaries to conduct espionage, steal intellectual property, and infiltrate critical infrastructure—all while maintaining plausible deniability. Over the past decade, Chinese hacking groups, often referred to as Advanced Persistent Threats (APTs), have been linked to attacks on US defense contractors, telecommunications networks, and power grids. These cyber operations allow China to gather intelligence and position itself for potential cyber warfare scenarios without directly implicating the government. Top US officials under both the Biden and Trump administrations have repeatedly warned that Chinese hackers have embedded themselves in America’s critical infrastructure, including water treatment facilities, energy grids, and transportation systems. Intelligence assessments suggest that in the event of a conflict—particularly over Taiwan—China could activate these dormant cyber intrusions to cripple US infrastructure, disrupt military logistics, and sow chaos domestically, delaying or weakening America’s ability to respond.

What’s going on now: In an announcement, the DOJ confirmed that 12 Chinese nationals, including two officers from China’s Ministry of Public Security (MPS), have been charged for their roles in a large-scale hacking operation that targeted US government agencies, dissidents, religious organizations, and foreign ministries in Asia. The accused hackers, who operated through the China-based cybersecurity firm Anxun Information Technology Co. Ltd. (i-Soon), allegedly worked both independently and at the direction of the MPS and the Ministry of State Security (MSS) to steal sensitive data. According to the DOJ, this network of cyber mercenaries cast a wide net, hacking vulnerable computers, identifying valuable information, and then selling it either directly to Chinese government agencies or on the open market.
The 2024 breach of the US Treasury Department, which compromised government networks and sensitive communications, is among the most high-profile incidents linked to the group.
The DOJ also claims that i-Soon and its employees were embedded in China’s state-backed hacking ecosystem, profiting from both government contracts and independent cybercrime. Court documents reveal that i-Soon charged between $10,000 and $75,000 for each successfully compromised email inbox, with at least 43 different MSS and MPS bureaus across 31 Chinese provinces purchasing stolen data. The hackers also allegedly trained MPS employees in cyber intrusion techniques, further strengthening the government’s offensive cyber capabilities.

The indictment specifically names Wu Haibo (CEO of i-Soon), Chen Cheng (COO), Wang Zhe (Sales Director), and several technical staff members, as well as two MPS officers, Wang Liyu and Sheng Jing, for their roles in orchestrating and executing cyberattacks.
In response, the Treasury Department has sanctioned Zhou Shuai and Yin Kecheng, two key figures in the Advanced Persistent Threat 27 (APT27) hacking group, which has been tied to the broader network. Zhou operated Shanghai Heiying Information Technology Co. Ltd., a company used to facilitate cyber intrusions, while Yin played a key role in the 2024 Treasury hack.
As of now, none of the 12 indicted individuals have been arrested, and all remain at large in China. The State Department has offered a $10 million reward for information leading to their arrest, alongside an additional $2 million bounty for Zhou and Yin.
US Official reacts: In a statement, Bryan Vorndran, assistant director of the FBI’s cyber division, said, “To those who choose to aid the CCP in its unlawful cyber activities, these charges should demonstrate that we will use all available tools to identify you, indict you, and expose your malicious activity for all the world to see.”