
The US Department of Justice has charged 12 Chinese nationals involved in a years-long hacking campaign against key US government agencies, including the Treasury Department. According to investigators, the attackers acted in the interests of the Chinese government, hacking into systems, stealing confidential data and reselling it through a network of Chinese companies.
According to US authorities, the main defendants in the case are Ying Kecheng, 38, (YKC), and Zhou Shu, 45, (Cold Face). They began their hacking activities in 2011 and by 2024 had caused millions of dollars in damage to private companies, government agencies and US think tanks. The hackers exploited zero-day vulnerabilities, installed malware such as PlugX and remote access trojans (RATs), compromised accounts, and maintained long-term access to networks. They also used front companies such as Shanghai Heiying Information Technology to conceal their activities.
The hackers sold data through Chinese brokers, including i-Soon, which served China’s Ministry of State Security (MSS) and Ministry of Public Security (MPS). The stolen information included:
Over the past decade, the US has repeatedly fallen victim to Chinese APT (Advanced Persistent Threat) groups. One such group is APT27, which has attacked US technology and defense companies; in 2024 it successfully breached the US Treasury Department and gained access to the laptops of high-ranking officials.
The case is the largest exposure of a Chinese spy network in recent years. The US Department of Justice said it would continue to pursue hacking groups that threaten the country’s national security.