fdd.org

U.S. Indicts Chinese Nationals Involved in Hacking of National Security Infrastructure

Seeking an advantage over Washington, the Chinese Communist Party keeps cyber criminals on retainer. The United States last week announced punitive action against several suspected Chinese hackers accused of malicious cyber activities.

The announcement marks an escalation in Washington’s efforts to combat Chinese cyber intrusions into U.S. government agencies and critical infrastructure while highlighting the dangers posed by Beijing’s embrace of aggressive forms of cyberwarfare.

Chinese ‘Cyber Mercenaries’ Targeted U.S. Government Networks

On March 5, the U.S. Department of Justice (DOJ) indicted 12 Chinese nationals and one Chinese company for malicious cyber activity, including for-profit hacking. Of the 12 individuals, two were known associates of the Chinese Ministry of Public Security (MPS), the country’s main police agency, while another eight worked for the indicted company, which the U.S. Department of the Treasury also sanctioned. These hackers targeted U.S. government agencies, including the Defense Intelligence Agency, the Department of Commerce, and Treasury, among others. Described by a U.S. official as “cyber mercenaries,” the individuals and company received financial compensation from China’s Ministry of State Security (MSS), the country’s foremost intelligence service, for successful hacks and additional analysis of the stolen data.

Among those indicted are Zhou Shuai and Yin Kecheng, both of whom allegedly stole data from highly sensitive U.S. critical infrastructure to benefit China’s defense industrial base as early as 2013. According to DOJ, the two individuals regularly collaborate with each other to target infrastructure and steal and sell valuable data from the defense industrial base.

The pair are known members of Silk Typhoon, the hacking group responsible for compromising a government contractor to penetrate Treasury’s networks in late 2024. In response to that hack, Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Zhou on March 5 and Yin on January 17.

China Ramping Up Cyber Activity in U.S. Networks

The indictments and sanctions point to a plain truth about China’s criminal hackers and technology companies: They are increasingly and inextricably linked to the Chinese Communist Party (CCP) and its malicious activities in cyberspace. As part of the indictment, DOJ revealed that for the past five years, Zhou had been operating under a strict set of data collection parameters supplied by the MSS to gather data on telecommunications, border crossings, and personnel working in religious research, media, and the civil service.

The CCP instructs these and other cyber criminals to pursue a broad range of targets — directing them to break into as many emails, computers, and systems as possible and to collect all available information, regardless of its usefulness, according to U.S. government officials. This tactic can be likened to China’s long-held ‘Thousand Grains of Sand’ approach to intelligence gathering, which prioritizes volume over quality of information when piecing together its intelligence assessments.

Coinciding with the sanctions and indictments, Microsoft issued an updated threat assessment of Silk Typhoon. The company warned that these hackers are targeting remote management tools and cloud services within the information technology supply chain, providing the kind of access the CCP desires for its wide-net approach.

Washington Needs Better Defense and Offense

While sanctions and indictments are important steps, the ties between Chinese cyber criminals, technology firms, and the CCP provide yet another reason to prioritize tighter export controls and to screen outbound investment in the Chinese technology sector. Stronger cybersecurity requirements for telecommunications firms and government contractors would thwart many of China’s attacks. When defense is not enough, however, the United States should be prepared to launch its own cyberattacks against Chinese assets, such as the hacking groups that continue to compromise American critical infrastructure. Washington must ensure Beijing gets the message.

Johanna (Jo) Yang is a research and editorial associate at the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD), where she works on issues related to nation-state cyber threats, critical infrastructure protection, and U.S. cybersecurity policy. Jack Burnham is a research analyst in the China Program at FDD. Follow Jack on X @JackBurnham802. Follow FDD on X @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.
