US Indicts 12 Chinese Nationals in Global Hacking Scheme Targeting Critics of China
The U.S. Department of Justice (DOJ) has unveiled a significant indictment against 12 Chinese nationals accused of participating in a global "hackers-for-hire" scheme aimed at targeting critics of the Chinese Communist Party (CCP) and other high-value entities. This case sheds light on a sophisticated and expansive cyber-espionage operation directed by the Chinese government, which has allegedly been ongoing for years. The indictment, unsealed on Wednesday, reveals a complex web of state-sponsored cyberattacks that have caused significant harm to individuals, organizations, and governments worldwide.
The Scope of the Indictment and Allegations
The indictment accuses China’s Ministry of Public Security (MPS) and Ministry of State Security (MSS) of orchestrating and financing these operations. The hackers targeted a wide range of victims, including U.S.-based critics of the CCP, a major religious organization in the United States, foreign ministries of several Asian governments, and U.S. federal and state government agencies. The most recent attacks were reported as late as 2024. The DOJ alleged that the Chinese government not only directed these cyberattacks but also allowed the hackers to profit from unrelated cybercrimes, selling stolen data through Chinese data brokers.
Two of the indicted individuals, Yin "YKC" Kecheng and Zhou "Coldface" Shuai, have been linked to a well-known state-sponsored hacking group called APT27, also referred to as "LuckyMouse" or "Emissary Panda." This group has been active since 2010, initially focusing on cyber-espionage against corporate and government systems in the West, the Middle East, and Taiwan. Over time, their operations expanded to include profit-driven cybercrimes. Yin and Zhou are accused of leading "sophisticated computer hacking conspiracies" that caused millions of dollars in damages to U.S.-based victims from 2011 to the present. Both individuals have previously faced charges for fraud, identity theft, and money laundering.
The Role of Anxun Information Technology and Chinese Intelligence Agencies
In addition to Yin and Zhou, two MPS officers and eight employees of Anxun Information Technology Co. Ltd. (also known as i-Soon) were also indicted. The DOJ described i-Soon as a "key player" in China’s hacker-for-hire ecosystem, generating tens of millions of dollars in revenue. The company operated under the guise of a private business but was deeply embedded in state-sponsored cyber operations. In some cases, i-Soon conducted cyberattacks at the direct request of the MSS or MPS, including efforts to suppress dissent abroad. In other instances, the company acted on its own initiative, stealing data and selling it to various branches of the MSS or MPS across China.
The indictment revealed that Chinese intelligence agencies paid i-Soon handsomely for their services, with fees ranging from $10,000 to $75,000 per hacked email inbox. Additionally, i-Soon was contracted to train MPS operatives in advanced hacking techniques. The company’s operations were not limited to the United States; it also targeted foreign ministries in Taiwan, India, South Korea, and Indonesia. These revelations provide further evidence of China’s global cyber ambitions and its willingness to exploit private companies for state-sponsored cyber aggression.
The U.S. Government’s Response and Joint Operation
The disruptions to the malicious activities of the 12 indicted individuals were the result of a coordinated effort between multiple U.S. agencies, including the DOJ, Naval Criminal Investigative Service (NCIS), the State Department, and the Treasury Department. All 12 defendants remain at large, and the FBI is actively seeking their apprehension. The State Department’s Rewards for Justice program has also offered a reward of up to $10 million for information leading to the identification or location of suspects involved in malicious cyber activities against U.S. critical infrastructure under the direction of foreign governments.
Interim U.S. Attorney for the District of Columbia Edward R. Martin Jr. emphasized the gravity of the charges, stating that the evidence clearly demonstrates the defendants’ criminal wrongdoing. He called on the Chinese government to cease its support for these activities, which have targeted victims worldwide. A State Department spokesperson further accused China of providing safe harbor to companies engaged in malicious cyber activities against the United States and its allies.
China’s Response to the Indictments
The Chinese government has vehemently denied the allegations, dismissing the indictments as "groundless." In a strongly worded statement, a spokesperson for the Chinese Foreign Ministry claimed that China is itself a victim of cyberattacks, pointing to alleged recent attacks on Chinese high-tech companies by U.S. intelligence agencies. The spokesperson accused the United States of hypocrisy, labeling it the "Number One ‘hacking empire’ in the world." The Chinese government demanded that the U.S. abandon its "double standards" and cease framing China as a perpetrator of cybercrimes.
Conclusion
The indictment of these 12 Chinese nationals and the unsealing of the court documents mark a significant escalation in the global cyber conflict between the United States and China. The case highlights the complexities of state-sponsored cyberattacks, where governments employ private companies and mercenaries to conduct operations that blur the lines between espionage and criminal enterprise. The U.S. government’s decision to publicly expose these activities and offer substantial rewards for information reflects its growing frustration with China’s alleged role in global cybercrime.
This case also underscores the broader tensions between the two superpowers, as both nations accuse each other of cyber aggression. While the indictments demonstrate the U.S.’s commitment to holding alleged cybercriminals accountable, the fact that all 12 defendants remain at large highlights the challenges of enforcing these charges internationally. As cyber warfare continues to evolve, this case serves as a stark reminder of the vulnerabilities and risks posed by state-sponsored hacking and the need for international cooperation to address these threats.