Introduction
The US authorities have indicted 12 Chinese nationals for their involvement in a decade-long cyber-espionage campaign linked to the Chinese government. This campaign, characterized by sophisticated hacking activities, has caused significant financial damages and heightened tensions between the US and China.
Description
US authorities have indicted 12 Chinese nationals for their involvement in a decade-long cyber-espionage campaign linked to the Chinese government, characterized by sophisticated hacking activities that have caused millions of dollars in damages. Among those charged are ten individuals from Anxun Information Technology, known as i-Soon [7] [9] [10], a Chinese cybersecurity firm [8], as well as two officers from the People’s Republic of China’s Ministry of Public Security (MPS) [5] [7]. The indictment [2] [3] [4] [5] [6] [10] [11], unsealed in federal courts in Manhattan and Washington, DC [5], alleges that the defendants engaged in malicious cyber activities from approximately 2011 to 2023. The alleged targets include US-based critics of the Chinese government [1] [5] [7] [11]; various foreign ministries, including those of Taiwan, India [1] [5] [8], South Korea [1] [5] [8], and Indonesia; a large religious organization critical of the Chinese government [1]; journalists [5] [9]; and multiple federal and state agencies [5], including the Defense Intelligence Agency and the Department of Commerce [8].
The charges highlight the extensive data collection efforts by the Chinese government on American citizens and Chinese dissidents, underscoring a growing hacking-for-hire ecosystem in China [3], where private companies like i-Soon are allegedly contracted by the state to target individuals of interest [3] [4], providing the government with plausible deniability [3]. The indictment specifically names Wu Haibo, the founder and CEO of i-Soon, a company established in Shanghai in 2010 [3] that is accused of overseeing extensive computer breaches aimed at suppressing free speech [3] [4], locating dissidents [3] [4], and stealing sensitive data [8] [9]. The hackers, including i-Soon’s COO Chen Cheng, are alleged to have conducted intrusions under the direction of the MPS and the Ministry of State Security (MSS), while also operating as freelancers motivated by profit. They reportedly charged Chinese agencies between $10,000 and $75,000 for each compromised email inbox [1] [4] [6] [7], generating significant revenue for i-Soon [5]. The hackers used various methods, including exploiting vulnerabilities, deploying malware, and phishing schemes [8], to steal sensitive data [8] [9]. They operated with considerable autonomy, selecting their own targets and selling stolen information to Chinese government clients [2]. Yin Kecheng [2] [3] [4] [5] [6], one of the indicted hackers, expressed a preference for American targets, particularly major defense contractors [2].
The investigation, which predates the current administration, represents a significant national security case related to cyber threats [7]. The US Department of Justice has emphasized its commitment to dismantling cyber operations that threaten national security [7], exposing the involvement of Chinese government agents in these cyberattacks [1]. In a related effort, the Department has seized internet domains associated with the accused [8] [10], including those linked to previous network intrusions and a virtual private server used by co-conspirator Zhou Shuai. None of the defendants are currently in US custody [11], and in an effort to locate them, the US Department of State has announced a reward of up to $10 million for information leading to their identification or location [5]. The hacking activities have intensified tensions between the US and China [11], with accusations of intellectual property theft and cyber intrusions into US military networks [11].
In a separate but related case, Yin Kecheng and Zhou Shuai [3] [4] [5] [6], associated with the hacking group Advanced Persistent Threat 27 (APT27), have been indicted for their involvement in long-term hacking campaigns dating back to 2013 [5], which targeted US technology companies [3] [4] [6], think tanks [3] [4] [6] [10], defense contractors [2] [3] [4] [6] [10], and healthcare systems [3] [4] [6] [8] [10]. This includes a significant breach of the US Treasury Department that compromised at least 400 computers and resulted in the theft of over 3,000 files between September and December of the previous year. The US Treasury has imposed sanctions on Yin for his role in these activities [5], highlighting the coordinated efforts by US authorities to disrupt the ecosystem of state-sponsored hacking and protect national security from foreign cyber threats [5]. The activities of i-Soon and similar companies reflect a growing demand for overseas intelligence by Chinese state security [4], leading to the proliferation of private hacking contractors [4]. Despite facing challenges following a significant leak of confidential information last year, including contracts with Chinese security and military entities [11], i-Soon remains operational [3], albeit downsized, as the close ties among early patriotic hackers in China have evolved into entrepreneurial ventures that profit from government contracts [3].
Conclusion
The indictment of these individuals underscores the ongoing cyber threat posed by state-sponsored hacking activities. The US government’s response [6], including legal actions and sanctions, aims to mitigate these threats and protect national security. As cyber-espionage tactics evolve, international cooperation and robust cybersecurity measures will be crucial in addressing future challenges and maintaining global stability.
References
[1] https://www.bbc.com/news/articles/cj4nw84dzr8o
[2] https://www.wired.com/story/us-charges-12-alleged-spies-in-chinas-freewheeling-hacker-for-hire-ecosystem/
[3] https://www.nbcnews.com/news/world/us-charges-chinese-hackers-broad-cybercrime-campaign-rcna195062
[4] https://abcnews.go.com/US/wireStory/us-charges-chinese-hackers-government-officials-broad-cyberespionage-119480692
[5] https://www.justice.gov/opa/pr/justice-department-charges-12-chinese-contract-hackers-and-law-enforcement-officers-global
[6] https://apnews.com/article/justice-department-china-fbi-hacking-0bd01004160d63904374bb25cf3eae6c
[7] https://www.cybersecurityintelligence.com/blog/us-has-charged-12-chinese-nationals-of-hacking-us-firms-8296.html
[8] https://www.nextgov.com/cybersecurity/2025/03/us-charges-12-chinese-nationals-hacks-government-systems/403491/
[9] https://www.usatoday.com/story/news/politics/2025/03/05/chinese-cyber-hacking-federal-charges/81612072007/
[10] https://www.csoonline.com/article/3840168/us-charges-12-chinese-hackers-in-major-government-backed-espionage-campaign.html
[11] https://www.cnn.com/2025/03/05/politics/us-charges-chinese-hackers/index.html