The U.S. Department of Justice (DOJ) has unveiled criminal charges against 12 Chinese nationals accused of orchestrating cyberattacks on over 100 American organizations, including the Treasury Department.
Some of these attacks, dating back to 2013, allegedly had ties to China’s Ministry of Public Security (MPS) and Ministry of State Security (MSS).
Among those charged, two individuals are identified as MPS officers, while eight others reportedly worked for i-Soon, a so-called private company that allegedly functioned as a key player in China’s hacker-for-hire network. The DOJ claims i-Soon could hack into Gmail, Microsoft Outlook, and even social media platforms like Twitter (now X), which it used to help Beijing control public narratives overseas through a system dubbed the “Public Opinion Guidance and Control Platform.”
The remaining two suspects are linked to APT27, also known as Silk Typhoon, a notorious cybercriminal group responsible for targeting healthcare institutions, universities, and critical IT infrastructure. According to Microsoft, their recent focus has been on breaching IT management software—similar to the attack on the U.S. Treasury reported in December.
Money appeared to be a major driving force behind these cyber operations. The DOJ alleges that i-Soon and its employees raked in tens of millions of dollars, selling stolen data to various Chinese government agencies across 31 provinces and municipalities. The price tag for a single hacked email inbox reportedly ranged from $10,000 to $75,000. The company even trained MPS employees in cyber espionage techniques, offering hacking tools as part of its services.
As for Silk Typhoon, the group operated with a similar profit-driven motive, selling stolen data from U.S. tech firms, defense contractors, law firms, think tanks, healthcare providers, and universities. Their actions not only compromised valuable information but also left systems vulnerable to further breaches, causing millions of dollars in damages.
Other high-profile victims of i-Soon’s operations include two major New York newspapers, the U.S. Department of Commerce, and the Defense Intelligence Agency.
Despite these charges, none of the accused are currently in custody. The U.S. government is offering up to $10 million for information leading to the identification of those responsible for i-Soon’s cyber operations. Additionally, a separate reward of up to $2 million each is being offered for details that lead to the arrest of Yin Kecheng and Zhou Shuai, the alleged members of Silk Typhoon.
This latest indictment underscores the growing concerns over state-sponsored cyberattacks and the increasing overlap between government-backed hacking groups and profit-driven cybercrime.
