
Chinese Hackers Charged in Global Computer Intrusion Campaigns

Chinese Law Enforcement and Intelligence Services Leveraged China’s Reckless and Indiscriminate Hacker-for-Hire Ecosystem, Including the ‘APT 27’ Group, to Suppress Free Speech and Dissent Globally and to Steal Data from Numerous Organizations Worldwide


By U.S. Department of Justice

The Justice Department, FBI, Naval Criminal Investigative Service, and Departments of State and the Treasury announced today their coordinated efforts to disrupt and deter the malicious cyber activities of 12 Chinese nationals, including two officers of the People’s Republic of China’s (PRC) Ministry of Public Security (MPS), employees of an ostensibly private PRC company, Anxun Information Technology Co. Ltd. (安洵信息技术有限公司) also known as “i-Soon,” and members of Advanced Persistent Threat 27 (APT27).

These malicious cyber actors, acting as freelancers or as employees of i-Soon, conducted computer intrusions at the direction of the PRC’s MPS and Ministry of State Security (MSS) and on their own initiative. The MPS and MSS paid handsomely for stolen data. Victims include U.S.-based critics and dissidents of the PRC, a large religious organization in the United States, the foreign ministries of multiple governments in Asia, and U.S. federal and state government agencies, including the U.S. Department of the Treasury (Treasury) in late 2024.

“The Department of Justice will relentlessly pursue those who threaten our cybersecurity by stealing from our government and our people,” said Sue J. Bai, head of the Justice Department’s National Security Division. “Today, we are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed. We will continue to fight to dismantle this ecosystem of cyber mercenaries and protect our national security.”

“The FBI is committed to protecting Americans from foreign cyber-attacks,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “Today’s announcements reveal that the Chinese Ministry of Public Security has been paying hackers-for-hire to inflict digital harm on Americans who criticize the Chinese Communist Party (CCP). To those victims who bravely came forward with evidence of intrusions, we thank you for standing tall and defending our democracy. And to those who choose to aid the CCP in its unlawful cyber activities, these charges should demonstrate that we will use all available tools to identify you, indict you, and expose your malicious activity for all the world to see.”

According to court documents, the MPS and MSS employed an extensive network of private companies and contractors in China to hack and steal information in a manner that obscured the PRC government’s involvement. In some cases, the MPS and MSS paid private hackers in China to exploit specific victims. In many other cases, the hackers targeted victims speculatively. Operating from their safe haven and motivated by profit, this network of private companies and contractors in China cast a wide net to identify vulnerable computers, exploit those computers, and then identify information that it could sell directly or indirectly to the PRC government. The result of this largely indiscriminate approach was more worldwide computer intrusion victims, more systems worldwide left vulnerable to future exploitation by third parties, and more stolen information, often of no interest to the PRC government and, therefore, sold to other third parties. Additional information regarding the indictments and the PRC’s hacker-for-hire ecosystem is available in Public Service Announcements published by the FBI today.

U.S. v. Wu Haibo et al., Southern District of New York

Today, a federal court in Manhattan unsealed an indictment charging eight i-Soon employees and two MPS officers for their involvement, from at least in or around 2016 through in or around 2023, in the numerous and widespread hacking of email accounts, cell phones, servers, and websites. The Department also announced today the court-authorized seizure of the primary internet domain used by i-Soon to advertise its business.

“State-sponsored hacking is an acute threat to our community and national security,” said Acting U.S. Attorney Matthew Podolsky for the Southern District of New York. “For years, these 10 defendants — two of whom we allege are PRC officials — used sophisticated hacking techniques to target religious organizations, journalists, and government agencies, all to gather sensitive information for the use of the PRC. These charges will help stop these state-sponsored hackers and protect our national security. The career prosecutors of this office and our law enforcement partners will continue to uncover alleged state-sponsored hacking schemes, disrupt them, and bring those responsible to justice.”

The defendants remain at large and wanted by the FBI. Concurrent with today’s announcement, the U.S. Department of State’s Rewards for Justice (RFJ) program, administered by the Diplomatic Security Service, announced a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act. The reward is offered for the following individuals who are alleged to have worked in various capacities to direct or carry out i-Soon’s malicious cyber activity:

- Wu Haibo (吴海波), Chief Executive Officer
- Chen Cheng (陈诚), Chief Operating Officer
- Wang Zhe (王哲), Sales Director
- Liang Guodong (梁国栋), Technical Staff
- Ma Li (马丽), Technical Staff
- Wang Yan (王堰), Technical Staff
- Xu Liang (徐梁), Technical Staff
- Zhou Weiwei (周伟伟), Technical Staff
- Wang Liyu (王立宇), MPS Officer
- Sheng Jing (盛晶), MPS Officer

i-Soon and its employees, to include the defendants, generated tens of millions of dollars in revenue as a key player in the PRC’s hacker-for-hire ecosystem. In some instances, i-Soon conducted computer intrusions at the request of the MSS or MPS, including cyber-enabled transnational repression at the direction of the MPS officer defendants. In other instances, i-Soon conducted computer intrusions on its own initiative and then sold, or attempted to sell, the stolen data to at least 43 different bureaus of the MSS or MPS in at least 31 separate provinces and municipalities in China. i-Soon charged the MSS and MPS between approximately $10,000 and $75,000 for each email inbox it successfully exploited. i-Soon also trained MPS employees how to hack independently of i-Soon and offered a variety of hacking methods for sale to its customers.

The defendants’ U.S.-located targets included a large religious organization that previously sent missionaries to China and was openly critical of the PRC government and an organization focused on promoting human rights and religious freedom in China. In addition, the defendants targeted multiple news organizations in the United States, including those that have opposed the CCP or delivered uncensored news to audiences in Asia, including China, and the New York State Assembly, one of whose representatives had communicated with members of a religious organization banned in China.

The defendants’ foreign-located targets included a religious leader and his office, and a Hong Kong newspaper that i-Soon considered as being opposed to the PRC government. The defendants also targeted the foreign ministries of Taiwan, India, South Korea, and Indonesia.

Assistant U.S. Attorneys Ryan B. Finkel, Steven J. Kochevar, and Kevin Mead for the Southern District of New York and Trial Attorney Gregory J. Nicosia Jr. of the National Security Division’s National Security Cyber Section are prosecuting the case.

The US Justice Department said Chinese nationals Yin Kecheng, 38, and Zhou Shuai, 45, violated various federal statutes by participating in years-long, sophisticated computer hacking conspiracies that successfully targeted a wide variety of US-based victims from 2011 to the present-day. (Photo: FBI Washington Field Office)

U.S. v. Yin Kecheng and U.S. v. Zhou Shuai et al., District of Columbia

Today, a federal court unsealed two indictments charging APT27 actors Yin Kecheng (尹可成) and Zhou Shuai (周帅) also known as “Coldface” for their involvement in the multi-year, for-profit computer intrusion campaigns dating back, in the case of Yin, to 2013. The Department also announced today court-authorized seizures of internet domains and computer server accounts used by Yin and Zhou to facilitate their hacking activity.

The defendants remain at large. View the FBI’s Wanted posters for Shuai and Kecheng here.

Concurrent with today’s announcement, the Department of State’s Bureau of International Narcotics and Law Enforcement Affairs is announcing two reward offers under the Transnational Organized Crime Rewards Program (TOCRP) of up to $2 million each for information leading to the arrests and convictions, in any country, of malicious cyber actors Yin Kecheng and Zhou Shuai, both Chinese nationals residing in China.

“These indictments and actions show this office’s long-standing commitment to vigorously investigate and hold accountable Chinese hackers and data brokers who endanger U.S. national security and other victims across the globe,” said Interim U.S. Attorney Edward R. Martin Jr. for the District of Columbia. “The defendants in these cases have been hacking for the Chinese government for years, and these indictments lay out the strong evidence showing their criminal wrongdoing. We again demand that the Chinese government put a stop to these brazen cyber criminals who are targeting victims across the globe and then monetizing the data they have stolen by selling it across China.”

The APT27 group to which Yin and Zhou belong is also known to private sector security researchers as “Threat Group 3390,” “Bronze Union,” “Emissary Panda,” “Lucky Mouse,” “Iron Tiger,” “UTA0178,” “UNC 5221,” and “Silk Typhoon.” As alleged in court documents, between August 2013 and December 2024, Yin, Zhou, and their co-conspirators exploited vulnerabilities in victim networks, conducted reconnaissance once inside those networks, and installed malware, such as PlugX malware, that provided persistent access. The defendants and their co-conspirators then identified and stole data from the compromised networks by exfiltrating it to servers under their control. Next, they brokered stolen data for sale and provided it to various customers, only some of whom had connections to the PRC government and military. For example, Zhou sold data stolen by Yin through i-Soon, whose primary customers, as noted above, were PRC government agencies, including the MSS and the MPS.

The defendants’ motivations were financial and, because they were profit-driven, they targeted broadly, rendering victim systems vulnerable well beyond their pilfering of data and other information that they could sell. Between them, Yin and Zhou sought to profit from the hacking of numerous U.S.-based technology companies, think tanks, law firms, defense contractors, local governments, health care systems, and universities, leaving behind them a wake of millions of dollars in damages.

The documents related to the seizure warrants, also unsealed today, further allege that Yin and Zhou continued to engage in hacking activity, including Yin’s involvement in the recently announced hack of Treasury between approximately September and December 2024. Virtual private servers used to conduct the Treasury intrusion belonged to, and were controlled by, an account that Yin and his co-conspirators established. Yin and his co-conspirators used that same account and other linked accounts they controlled to lease servers used for additional malicious cyber activity. The seizure warrant unsealed today allowed the FBI to seize the virtual private servers and other infrastructure used by the defendants to perpetrate these crimes.

On Jan. 17, Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Yin for his role in hacking that agency between September and December 2024. Concurrent with today’s indictments, OFAC also announced sanctions on Zhou and Shanghai Heiying Information Technology Company Ltd., a company operated by Zhou for purposes of his hacking activity.

Private sector partners are also taking voluntary actions to raise awareness and strengthen defenses against the PRC’s malicious cyber activity. Today, Microsoft published research that highlights its unique, updated insights into Silk Typhoon tactics, techniques, and procedures, specifically its targeting of the IT supply chain.

Assistant U.S. Attorneys Jack F. Korba and Tejpal S. Chawla for the District of Columbia and Trial Attorney Tanner Kroeger of the National Security Division’s National Security Cyber Section are prosecuting the case.

***

The above disruptive actions targeting PRC malicious cyber activities were the result of investigations conducted by FBI New York and Washington Field Offices, FBI Cyber Division, and the Naval Criminal Investigative Service. The U.S. Attorney’s Offices for the Southern District of New York and District of Columbia and the National Security Division’s National Security Cyber Section are prosecuting the case.

The Department acknowledges the value of public-private partnerships in combating advanced cyber threats and recognizes Microsoft, Volexity, PwC, and Mandiant for their valuable assistance in these investigations.

The details in the above-described indictments and warrants are merely allegations. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Updated March 5, 2025
