In a sweeping crackdown on cyber warfare, U.S. law enforcement agencies have unmasked an intricate network of Chinese state-backed hackers, leveling dozens of criminal charges against individuals accused of orchestrating relentless cyberattacks over the past decade. The latest revelations expose a sophisticated web of cyber espionage, including the high-profile 2024 breach of the U.S. Treasury.
The Department of Justice (DOJ) has charged 12 Chinese nationals, among them officers from the Ministry of Public Security (MPS) and key employees of i-Soon, a private cybersecurity firm deeply entangled in China’s espionage operations. These actors allegedly carried out cyber intrusions against U.S.-based dissidents, religious organizations, and multiple foreign ministries across Asia, alongside several American federal and state agencies.
According to prosecutors, the Chinese government heavily relied on a mix of private firms and freelance hackers to maintain plausible deniability while conducting cyber offensives. At times, these actors received explicit directives from government officials, but they also operated independently, infiltrating targets they believed would be of strategic interest to Beijing.
China’s Cyber Offensive Laid Bare
“Today, we are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers they have unleashed,” said Sue Bai, head of the DOJ’s National Security Division.
The DOJ’s findings paint a disturbing picture of state-sponsored cybercrime. Hackers under China’s command executed a vast array of cyber intrusions, breaching email accounts, stealing sensitive data, and monitoring critics of the Chinese Communist Party (CCP). The FBI has linked i-Soon to a notorious cyber threat group known by aliases such as Aquatic Panda, RedHotel, and Charcoal Typhoon.
In a chilling revelation, hackers within i-Soon reportedly auctioned off stolen data to at least 43 MPS bureaus across 31 provinces and municipalities in China, selling compromised email inboxes for prices ranging from $10,000 to $75,000. The firm also played an active role in training MPS officers in cyberwarfare tactics and provided hacking tools for government operations.
DOJ officials described i-Soon’s approach as indiscriminate, often breaching systems without fully vetting their targets. This led to widespread collateral damage, leaving systems vulnerable to further exploitation, even by third parties unrelated to the Chinese government.
Hackers for Hire: A State-Sponsored Marketplace
One indictment, filed in a Manhattan federal court, zeroes in on eight i-Soon employees and two MPS officers accused of hacking government agencies, journalists, and religious groups from 2016 to 2023. U.S. authorities have since seized i-Soon’s primary internet domain, crippling its ability to advertise its services.
“For years, these 10 defendants—two of whom we allege are PRC officials—used sophisticated hacking techniques to target religious organizations, journalists, and government agencies, all to gather sensitive information for the use of the PRC,” stated acting U.S. Attorney Matthew Podolsky for the Southern District of New York.
In response, the FBI has issued arrest warrants for the 10 individuals, and the State Department is offering a $10 million reward for information leading to their capture. Among those indicted are i-Soon CEO Wu Haibo and COO Chen Cheng, both of whom allegedly played instrumental roles in China’s hacker-for-hire ecosystem.
Beyond targeting government entities, these hackers also zeroed in on critics of China’s authoritarian regime, including a major U.S.-based religious organization that has been critical of Beijing. Other targets included human rights groups, news organizations disseminating uncensored information across Asia, and key governmental agencies worldwide.
APT27: A Legacy of Cyber Espionage
Two additional indictments, filed in Washington, D.C., target Yin Kecheng and Zhou Shuai, both accused of being high-ranking members of the APT27 threat group, a cyber espionage unit that private-sector researchers track as Silk Typhoon or Emissary Panda. Zhou, a notorious figure in China’s hacking community, operates under the alias “Coldface.”
The DOJ has seized critical internet domains and server accounts linked to Yin and Zhou, but both remain at large in China. The U.S. government has placed $2 million bounties on their heads.
According to prosecutors, Yin and Zhou have engaged in cyber intrusions for profit since at least 2013, employing PlugX malware and other sophisticated tools to exfiltrate sensitive data. Their operations extended beyond state-sponsored activities, with stolen data being sold to various buyers, including private clients with no direct ties to the Chinese government.
Yin, in particular, has been implicated in the recent Treasury Department breach, which lasted from September to December 2024. Investigators confirmed that the virtual private servers used in the Treasury attack were leased by Yin and his co-conspirators, who used similar infrastructure for additional cyber intrusions.
Zhou Shuai: China’s Cyber Arms Dealer
Further investigations revealed that Zhou has functioned as a data broker since at least 2018, selling stolen information and access to compromised networks. U.S. agencies have confirmed that his targets included technology firms, defense contractors, telecommunications providers, academic institutions, and government bodies.
In 2020, Zhou allegedly operated under an intelligence directive that encompassed not just the United States but also Russia and Western Europe. His objectives included gathering data on telecommunications infrastructure, border crossings, personnel involved in religious studies, media industry insiders, and public servants.
Zhou’s deep ties to China’s hacking community trace back to his roots in the Green Army, China’s first hacktivist group. Alongside other indicted figures, he played a pioneering role in establishing China’s state-sponsored cyber warfare capabilities.
A Global Network of Cyber Espionage
The investigation that led to these indictments was a multi-agency effort involving the DOJ, FBI, Treasury Department, State Department, and Naval Criminal Investigative Service. Tech giants like Microsoft, Mandiant, Volexity, and PwC also played key roles in exposing the hackers’ methods.
Microsoft’s latest cybersecurity report outlines tactics used by China’s Silk Typhoon hackers, identifying their role in exploiting vulnerabilities in Ivanti software, widely used by U.S. federal and state agencies. These findings further confirm Beijing’s aggressive cyber operations against American infrastructure.
The Fallout
The Treasury Department has now imposed sanctions on Zhou and his cybersecurity firm, Shanghai Heiying Information Technology, effectively blacklisting them from the international financial system. Zhou, the firm’s majority owner, has been linked to numerous Chinese state-backed cybercriminals, including Yin.
With mounting evidence of Beijing’s direct involvement in cyberattacks against the U.S. and its allies, the latest indictments serve as a stark warning: China’s cyber warfare is no longer lurking in the shadows—it’s now an open battlefront.
The coming months will determine whether these charges lead to actual consequences for those involved. However, one thing is certain—the U.S. is no longer playing defense in the cyber battlefield.



