The United States has filed charges against 12 Chinese nationals, as geopolitical tensions between the two nations increase amid Donald Trump’s presidency.
The US Justice Department (DoJ) announced on Wednesday that it has charged 12 Chinese contract hackers as well as Chinese law enforcement officers for their role in “global computer intrusion campaigns.”
This is not the first time that the US has charged government officials from the People’s Republic of China (PRC). In 2022, for example, the US charged 13 individuals – 10 of whom were said to be Chinese intelligence officers and Chinese government officials.
DoJ charges
Now, after investigations by the FBI New York and Washington Field Offices, the FBI Cyber Division and the Naval Criminal Investigative Service into disruptive PRC malicious cyber activities, the US DoJ has charged 12 Chinese nationals.
The 12 Chinese nationals include two officers of the PRC Ministry of Public Security (MPS), employees of an ostensibly private PRC company (Anxun Information Technology Co. Ltd, also known as “i-Soon”), and members of Advanced Persistent Threat 27 (APT27).
The DoJ said these malicious cyber actors, acting as freelancers or as employees of i-Soon, conducted computer intrusions at the direction of the PRC’s MPS and Ministry of State Security (MSS) and on their own initiative. The MPS and MSS paid handsomely for stolen data.
Victims include US-based critics and dissidents of the PRC, a large religious organisation in the United States, the foreign ministries of multiple governments in Asia, and US federal and state government agencies, including the US Department of the Treasury (Treasury) in late 2024.
In December, the US Treasury Department notified lawmakers that a China state-sponsored attack group had infiltrated workstations at the department and stolen files in what it described as a “major incident”.
“Chinese government agents”
“The Department of Justice will relentlessly pursue those who threaten our cybersecurity by stealing from our government and our people,” said Sue J. Bai, head of the Justice Department’s National Security Division.
“Today, we are exposing the Chinese government agents directing and fostering indiscriminate and reckless attacks against computers and networks worldwide, as well as the enabling companies and individual hackers that they have unleashed. We will continue to fight to dismantle this ecosystem of cyber mercenaries and protect our national security.”
“Today’s announcements reveal that the Chinese Ministry of Public Security has been paying hackers-for-hire to inflict digital harm on Americans who criticise the Chinese Communist Party (CCP),” added Assistant Director Bryan Vorndran of the FBI’s Cyber Division.
According to court documents, the MPS and MSS employed an extensive network of private companies and contractors in China to hack and steal information in a manner that obscured the PRC government’s involvement.
In some cases, the MPS and MSS paid private hackers in China to exploit specific victims.
In many other cases, the hackers targeted victims speculatively.
The DoJ said that, operating from their safe haven and motivated by profit, this network of private companies and contractors in China cast a wide net to identify vulnerable computers, exploit those computers, and then identify information that it could sell directly or indirectly to the PRC government.
The DoJ charged the following i-Soon employees and MPS officers:
- Wu Haibo (吴海波), Chief Executive Officer
- Chen Cheng (陈诚), Chief Operating Officer
- Wang Zhe (王哲), Sales Director
- Liang Guodong (梁国栋), Technical Staff
- Ma Li (马丽), Technical Staff
- Wang Yan (王堰), Technical Staff
- Xu Liang (徐梁), Technical Staff
- Zhou Weiwei (周伟伟), Technical Staff
- Wang Liyu (王立宇), MPS Officer
- Sheng Jing (盛晶), MPS Officer
The US also charged APT27 actors Yin Kecheng and Zhou Shuai, also known as “Coldface,” for their involvement in the multi-year, for-profit computer intrusion campaigns.
The defendants remain at large, but the Treasury Department announced sanctions in connection with the hacking, and the State Department announced multimillion-dollar rewards for information about the defendants.
The APT27 group to which Yin and Zhou belong is also known to private sector security researchers as “Threat Group 3390,” “Bronze Union,” “Emissary Panda,” “Lucky Mouse,” “Iron Tiger,” “UTA0178,” “UNC 5221,” and “Silk Typhoon.”
Chinese reaction
However, a spokesperson for the Chinese foreign ministry on Thursday denied the charges to the Associated Press, calling the US “hypocritical” and pointing to US cyberattacks on China.
“China firmly opposes the groundless accusation made by the US and urges the US to immediately stop abusing sanctions,” Chinese Foreign Ministry spokesperson Lin Jian reportedly said at a press conference in Beijing.