U.S. offering reward of up to $10 million to catch accused hackers from China, feds say

Hackers linked to Chinese government behind massive hack on Americans’ cellphones, officials say

BOSTON — The U.S. is offering a reward of up to $10 million to help apprehend several accused hackers working for the Chinese government, federal officials said Wednesday as the FBI issued a dire warning of global cybersecurity threats linked to China.

The Chinese government, including its domestic police force, is using freelance hackers and information security companies to compromise computer networks worldwide, FBI officials said in a public warning.

The warning comes as indictments were unsealed in New York and Washington on Wednesday against a dozen Chinese nationals accused of hacking into American computer networks and selling stolen data to the Chinese government.

“The Department of Justice will relentlessly pursue those who threaten our cybersecurity by stealing from our government and our people,” Sue Bai, head of the Justice Department’s National Security Division, said in a statement Wednesday.

“We are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed,” Bai said. “We will continue to fight to dismantle this ecosystem of cyber mercenaries and protect our national security.”

The government agencies in China involved in the alleged cybersecurity threats include China’s primary intelligence service, the Ministry of State Security, and China’s domestic police agency, the Ministry of Public Security, according to the FBI.

The Southern District of New York on Wednesday unsealed an indictment against eight employees of Anxun Information Technology Co., Ltd., aka i-Soon, an information security company based in China, and two of China’s domestic police officers who allegedly directed i-Soon activities “in service of the Chinese government.”

The accused hackers remain at large and are wanted by the FBI. The reward of up to $10 million is offered for the following people who allegedly have worked in various capacities to direct China’s malicious cyber activity:

  • Wu Haibo (吴海波), Chief Executive Officer
  • Chen Cheng (陈诚), Chief Operating Officer
  • Wang Zhe (王哲), Sales Director
  • Liang Guodong (梁国栋), Technical Staff
  • Ma Li (马丽), Technical Staff
  • Wang Yan (王堰), Technical Staff
  • Xu Liang (徐梁), Technical Staff
  • Zhou Weiwei (周伟伟), Technical Staff
  • Wang Liyu (王立宇), MPS Officer
  • Sheng Jing (盛晶), MPS Officer

China’s information security company ecosystem “flourishes” because China’s government agencies “weaponize” information security companies “by tasking companies that advertise legitimate cybersecurity services to also use their expertise to gain unauthorized access to victim networks to collect for China’s intelligence services,” FBI officials said in a statement.

i-Soon “has been a key player” in China’s information security company ecosystem over the last decade, the FBI said. The company has been working with at least 43 separate Ministry of State Security or Ministry of Public Security bureaus in 31 provinces and municipalities across China.

The indicted i-Soon hackers allegedly sold stolen data to the Chinese government agencies “from a myriad of victims, to include US-based critics of the Chinese government and Chinese dissidents, a US news organization, a large US-based religious organization, multiple governments in Asia, and US federal and state government agencies,” FBI officials said.

“i-Soon sold information to China’s intelligence and security services to suppress free speech and democratic processes worldwide, and target groups deemed a threat to the Chinese government,” officials said.

i-Soon also sold platforms to China’s primary intelligence service and domestic police agency customers “for their own hacking efforts,” officials said.

i-Soon’s activities are publicly tracked as Aquatic Panda, Red Alpha, Red Hotel, Charcoal Typhoon, Red Scylla, Hassium, Chromium, and TAG-22, according to the FBI.

“This ecosystem of InfoSec companies and freelance hackers enables and encourages indiscriminate global cyber activity, while providing the Chinese government with a layer of plausible deniability,” FBI officials said in their statement.

Also Wednesday, the federal court in Washington, D.C. unsealed two indictments of freelance Chinese hackers Yin KeCheng and Zhou Shuai, who are accused of maintaining ties to i-Soon and the Chinese government.

Since 2011, Yin and Zhou have worked in China’s information security company ecosystem “and enriched themselves by selling stolen US information to the Chinese government,” prosecutors allege.

Zhou served for a period of time in i-Soon’s Strategic Consulting Division.

Yin, known in Chinese hacking circles for his prolific targeting of US entities, explained to an associate in 2013 that he wanted to “mess with the American military” and “break into a big target,” hoping the proceeds from selling the stolen US data would be enough to purchase a car, prosecutors allege.

At least one time, Yin compromised sensitive data which he turned over to Zhou, who partnered with an i-Soon employee to sell the stolen data, prosecutors said.

Yin and Zhou’s activities are publicly tracked as APT27, Threat Group 3390, Bronze Union, Emissary Panda, Lucky Mouse, Iron Tiger, UTA0178, UNC 5221, and Silk Typhoon, officials said.

Anyone who suspects they are a victim of malicious cyber activity by groups associated with the government of China is urged to report the suspicious activity to the FBI’s Internet Crime Complaint Center at www.IC3.gov as quickly as possible.

This is a developing story. Check back for updates as more information becomes available.
