On Wednesday (local time), the US Department of Justice revealed indictments against Zhou Shuai, Yin Kecheng, eight employees of the Chinese tech company i-Soon, and two officers from China's Ministry of Public Security (MPS) for various hacking-related crimes.

Additionally, Zhou Shuai, a malevolent cyber actor and data broker based in Shanghai, and his company, Shanghai Heiying Information Technology Company, were subject to sanctions from the United States. Zhou Shuai unlawfully obtained, brokered, and sold data from extremely sensitive US critical infrastructure networks, such as those in the government, communications, defense industrial base, and health sectors, according to a statement from US Department of State spokesperson Tammy Bruce. According to the statement, the US Department of State announced reward offers of up to $2 million each under the Transnational Organised Crime Rewards Program (TOCRP) for information that led to Zhou Shuai and Yin Kecheng's arrests and/or convictions. 

"These malicious cyber actors, acting as freelancers or as employees of i-Soon, conducted computer intrusions at the direction of the PRC's MPS and Ministry of State Security (MSS) and on their own initiative. The MPS and MSS paid handsomely for stolen data. Victims include U.S.-based critics and dissidents of the PRC, a large religious organization in the United States, the foreign ministries of multiple governments in Asia, and US federal and state government agencies, including the U.S. Department of the Treasury (Treasury) in late 2024," the US Department of Justice said in a media release. The Diplomatic Security Service's Rewards for Justice Program (RFJ) is offering a reward of up to $10 million for information about i-Soon, its employees, and the MPS officers involved in harmful cyber activities mentioned in the Department of Justice's indictments.

In a press release, Tammy Bruce stated, "As evidenced by today's and previous announcements, China offers safe harbor for private sector companies that conduct malicious cyber activity against the United States and its partners. The Chinese Communist Party also appears to contract them with varying degrees of control and effectiveness. China-backed malicious cyber actors continue to be one of the greatest and most persistent threats to US national security." He further said, "Today's multi-agency effort reflects our whole-of-government approach to protecting and defending against China-based cyber threats to Americans, their sensitive personal data, and our critical systems. President Trump is committed to protecting the American people and US critical infrastructure from these pervasive threats, and we will resolutely use all the tools at our disposal to do so." 

Sue J Bai, head of the Justice Department's National Security Division, said, "The Department of Justice will relentlessly pursue those who threaten our cybersecurity by stealing from our government and our people. Today, we are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed. We will continue to fight to dismantle this ecosystem of cyber mercenaries and protect our national security." FBI Cyber Division's Assistant Director, Bryan Vorndran, emphasised the FBI's dedication to safeguarding Americans from cyber attacks by foreign entities.

"Today's announcements reveal that the Chinese Ministry of Public Security has been paying hackers-for-hire to inflict digital harm on Americans who criticise the Chinese Communist Party (CCP). To those victims who bravely came forward with evidence of intrusions, we thank you for standing tall and defending our democracy. And to those who choose to aid the CCP in its unlawful cyber activities, these charges should demonstrate that we will use all available tools to identify you, indict you, and expose your malicious activity for all the world to see," Bryan Vorndran stated.