The DOJ has unsealed multiple indictments against 12 Chinese nationals, including two officers of the Ministry of Public Security (MPS) and employees of the Chinese cybersecurity firm i-Soon. The investigation was carried out by the FBI, NSCS, State Department, and Treasury Department.
Why it Matters
- This indictment highlights the role of private contractors and freelance hackers in Beijing’s offensive cyber operations in Asia and Western countries.
- These hackers’ targets were U.S. government agencies, military contractors, international corporations, and political dissidents, indicating a broad and strategic effort to extract valuable intelligence and silence opposition.
- This is one of the most aggressive legal actions taken by the U.S. against Chinese state-sponsored hackers.
The Details
According to the DOJ, the cyber operations were carried out by individuals linked to APT27 (also known as Silk Typhoon or Emissary Panda) and i-Soon, a Chinese cybersecurity company that provides hacking services to the MSS and MPS. The charges stem from multiple hacking campaigns spanning over a decade.
The 12 defendants named in the indictments and sanctions are:
WU HAIBO (a.k.a. shutd0wn, Boss Wu, 吴海波) – CEO and leader of i-Soon.
CHEN CHENG (a.k.a. lengmo, Chief C, Jesse Chen, 陈诚) – COO of i-Soon.
WANG YAN (a.k.a. crysolo, 王堰) – Leader of one of i-Soon’s penetration testing teams.
WANG ZHE (a.k.a. ken73224, 王哲) – Sales Director of i-Soon.
ZHOU WEIWEI (a.k.a. nullroot, 周伟伟) – Head of i-Soon’s Technology Research and Development Center.
WANG LIYU (a.k.a. PICNIC350116, 王立宇) – MPS officer based in Chengdu, China.
SHENG JING (a.k.a. sjbible, 盛晶) – MPS officer based in Shenzhen, China.
ZHENG JIAQI (a.k.a. 3ss0x, 郑佳奇) – Senior security specialist at i-Soon.
XU XIN (a.k.a. Dawn, 许鑫) – Penetration tester at i-Soon.
GUO QIN (a.k.a. xuhuai, 郭钦) – Cyber operator at i-Soon.
YIN KECHENG – An alleged member of APT27 (already wanted for US DOT breach).
ZHOU SHUA – Associated with APT27.
i-Soon as a Cyber Mercenary
These indictments expose how China’s MSS (the equivalent of the CIA) and MPS outsource offensive cyber operations to private contractors like i-Soon. The worst part is that i-Soon sometimes hacks independently and sells the stolen data back to the Chinese government. The company also trained MSS and MPS employees on hacking techniques, helping them conduct independent cyber operations.
i-Soon also developed and sold a range of offensive cyber tools, including:
1. Automated Penetration Testing Platform
A hacking tool capable of launching email phishing attacks, creating malware-infected files, and cloning websites to steal user credentials.
(Image: Interface for the Automated Penetration Testing Platform sold by i-Soon)
2. Divine Mathematician Password Cracking Platform
A password-cracking system designed to break into online accounts and computer systems.

3. Bespoke Cyber Espionage Software
i-Soon sold custom hacking tools specifically designed to compromise major platforms, including:
- Microsoft Outlook
- Gmail
- X (formerly Twitter)
- Android, Windows, macOS, and Linux operating systems
4. Public Opinion Guidance and Control Platform (Overseas)
- A tool designed to hack and manipulate Twitter accounts (now X).
- Could bypass passwords and multi-factor authentication to take full control of accounts.
- Allowed China’s government to monitor, censor, and manipulate public discourse on social media.
- Could track keywords in tweets, delete posts, send messages, and spread propaganda.

Victims of i-Soon’s Hacking
U.S. Media & Advocacy Groups: Two New York-based newspapers critical of the Chinese Communist Party, a Texas-based human rights organization, and a U.S. government-funded news service covering China.
U.S. Government Agencies: The Defense Intelligence Agency, the Department of Commerce, and the International Trade Administration.
Religious Targets: A major U.S.-based religious organization with thousands of churches and a religious leader outside China and the U.S.
Political & Academic Institutions: The New York State Assembly and a U.S. state research university.
Foreign Governments: The foreign ministries of Taiwan, India, South Korea, and Indonesia.
Hong Kong Media: A prominent newspaper covering Hong Kong politics.
What’s Next?
This indictment reveals how China utilizes private firms for state-sponsored hacking to target the U.S. and its allies. While sanctions and arrest warrants won’t physically stop these hackers—who remain safely within China—they serve as a clear warning: “We know exactly who’s behind this.”
