US Sanctions 12 Chinese Hackers, Intelligence Officials for Massive Hacking Campaign

WASHINGTON—The United States has sanctioned a dozen Chinese nationals, including two intelligence officials, for their involvement in a years-long hacking campaign to steal data from the U.S. government and undermine dissident groups.

Eight of the defendants work for i-Soon, a Chinese tech firm that hacked victims around the globe, including U.S. government agencies and dissident groups the Chinese Communist Party considers a threat, according to a news release issued by the Justice Department on March 5.

From 2016 through 2023, i-Soon breached email accounts, cellphones, servers, and websites under Beijing’s instructions and made tens of millions of dollars from it, according to the Justice Department. The company allegedly worked with 43 Chinese intelligence or police bureaus, charging somewhere between $10,000 and $75,000 for each email inbox hacked.

Its victims include a New York-based newspaper that publishes China-related news critical of the Chinese regime; a Texas-based organization that promotes human rights in China; a U.S. religious organization with thousands of churches; a Washington-based U.S.-funded news service; the foreign ministries of Taiwan, India, South Korea, and Indonesia; a U.S.-based religious leader; along with the U.S. Defense Intelligence Agency, Department of Commerce, and the New York State Assembly.

The Treasury Department also imposed sanctions on a Shanghai-based cyber actor, accusing him of working with other Chinese hackers to infiltrate critical U.S. infrastructure networks.

In an announcement, the department identified the actor as Zhou Shuai, who has sold “illegally exfiltrated data and access to compromised computer networks” since 2018.

At least some of the data was acquired by a Chinese cyber actor, Yin Kecheng, who was sanctioned in December 2024 for aiding the hack into the Treasury.

According to a March 5 statement from the Justice Department, both Zhou and Yin have ties with the Chinese regime. Prosecutors said they carried out “years-long, sophisticated computer hacking conspiracies that successfully targeted a wide variety of U.S.-based victims from 2011 to the present-day.”

Companies and organizations allegedly targeted by Zhou and Yin include “numerous” U.S.-based tech companies, local governments, think tanks, universities, and defense contractors, according to the Justice Department. Both Zhou and Yin were indicted.

All 12 remain at large. The State Department is offering up to $10 million for information on i-Soon and its employees, as well as the two Ministry of Public Security officials. It also issued a $2 million reward to help arrest Yin and Zhou, both of whom are in China.

“China offers safe harbor for private sector companies that conduct malicious cyber activity against the United States and its partners,” State Department spokesperson Tammy Bruce said in a statement.

Bruce said the multi-agency effort reflects the United States’ whole-of-government approach to protect Americans and U.S. critical infrastructure against China-based cyber threats.

She described Chinese state-backed hacking as “one of the greatest and most persistent threats to U.S. national security.”

.