NEWS | March 5, 2025

Joint Investigation Leads to Indictments of Chinese Nationals for Computer Hacking Campaign

“The defendants’ years-long hacking conspiracy to steal data from cleared defense contractors that support the U.S. military—among many other U.S.-based victims—and sell it to customers with ties to the Chinese government poses a significant threat to our national security. NCIS remains committed to working with the FBI and our law enforcement partners around the world to expose malicious actors who seek to undermine the cybersecurity of the Department of the Navy.”


WASHINGTON – NCIS, the Justice Department, the Federal Bureau of Investigation, and Departments of State and the Treasury announced coordinated efforts today to disrupt and deter the malicious cyber activities of 12 Chinese nationals, including officers of the People’s Republic of China’s Ministry of Public Security, employees of a private PRC company and members of Advanced Persistent Threat 27.

A federal judge in Washington, D.C., today unsealed two separate indictments that allege Chinese nationals Yin Kecheng, 38, aka “YKC” and Zhou Shuai, 45, aka “Coldface” violated various federal statutes by participating in years-long, sophisticated computer hacking conspiracies that successfully targeted a wide variety of U.S.-based victims from 2011 to the present day. According to the documents unsealed today, the defendants targeted a multitude of U.S. victim companies, municipalities, and organizations for profit, causing millions of dollars’ worth of damages. Yin and Zhou, who have ties to the government of the PRC, are alleged to have stolen and exfiltrated data from numerous U.S.-based technology companies, think tanks, defense contractors, government municipalities, and universities that they later brokered for sale. Arrest warrants have been issued for Yin and Zhou, both of whom remain fugitives.

According to the indictment, Yin targeted U.S.-based defense contractors, technology firms, and think tanks, among other victims. The indictment alleges Yin openly discussed his preference for targeting American victims and, on one occasion in September 2013, Yin told an associate he wanted to “mess with the American military” and “break into a big target.”

In July 2021, the NCIS Cyber Operations Field Office received notification of an intrusion into the network of an aerospace technology company that holds defense contracts and opened an investigation. With the company’s consent, NCIS obtained forensic images of the affected servers. The investigation identified targeting of U.S. cleared defense contractors associated with the Department of the Navy, to include aerospace simulation solutions, unmanned vehicles, electronic warfare devices and other research initiatives. These companies were awarded over $710 million in contracts supporting the DON. Analysis revealed that some of the intrusions were likely conducted by cyber actors employed by, or associated with, the Chinese government, which ultimately led to the joint investigation with the FBI Washington Field Office.

The above story references information from a Department of Justice press release dated March 5, 2025, which may be found here.

Wanted Poster - Zhou Shuai
Photo By: FBI
VIRIN: 250305-N-NO148-1006
Wanted Poster - Yin Kecheng
Photo By: FBI
VIRIN: 250305-N-NO148-1007