US indicts slew of alleged Chinese hackers, sanctions company over spy campaign

The U.S. on Wednesday (5 Mar ’25)announced indictments against a slew of alleged Chinese hackers, sanctioned a Chinese tech company and offered a $10 million bounty over what Washington called a years-long spy campaign that stole information from victims across America and around the world.

Federal officials accused 10 people of collaborating to steal data from their targets. Eight of the suspects worked for the company known as Anxun Information Technology, better known as i-Soon, and two worked for the Chinese Ministry of Public Security...Officials said the targets included the U.S. Defense Intelligence Agency, the U.S. Department of Commerce, the foreign ministries of Taiwan, South Korea, India, and Indonesia, news organisations critical of China, the New York State Assembly.

Hackers also hit a variety of religious figures and groups, including an unidentified "large religious organization in the United States," according to the indictment and a separate statement issued by the Manhattan District Attorney's office. The indictment says i-Soon charged Chinese intelligence agencies the equivalent of about $10,000 to $75,000 for each email inbox it successfully hacked, with additional payments for analysing them.

Also Wednesday, the U.S. Treasury said it was sanctioning a Shanghai-based company and its owner over the alleged theft and sale of data from "highly sensitive U.S. critical infrastructure networks."

Treasury said in a statement that it was sanctioning the Shanghai Heiying Information Technology Company and its founder, Zhou Shuai, for "selling illegally exfiltrated data and access to compromised computer networks." At least some of the data was later acquired by a previously sanctioned Chinese hacker named Yin Kecheng, who was implicated in the theft of data from the U.S. Treasury, the statement said.

Zhou and Yin were also indicted.