Two Chinese Nationals Charged With Hacking

WASHINGTON – A federal judge in Washington, D.C., unsealed two separate indictments that allege Chinese nationals Yin Kecheng, 38, (尹 可成) a/k/a “YKC” (“YIN”) and Zhou Shuai, 45, (周帅) a/k/a “Coldface” (“ZHOU”) violated various federal statutes by participating in years-long, sophisticated computer hacking conspiracies that successfully targeted a wide variety of U.S.-based victims from 2011 to the present-day. According to the documents unsealed today, the defendants targeted a multitude of U.S. victim companies, municipalities, and organizations for profit, causing millions of dollars’ worth of damages. YIN and ZHOU, who have ties to the government of the People’s Republic of China (“PRC”), are alleged to have stolen and exfiltrated data from numerous U.S.-based technology companies, think tanks, defense contractors, government municipalities, and universities that they later brokered for sale. Arrest warrants have been issued for YIN and ZHOU, who both remain fugitives.

The unsealing by the U.S. Attorney’s Office for the District of Columbia is part of the coordinated effort by the Department of Justice (the “Department”), other U.S. Attorney’s Offices, the U.S. Department of Treasury (“Treasury”), and private sector partners that highlights the Chinese government’s unique role in intentionally promoting and protecting the wide-scale computer hacking activity by its citizens. According to court documents unsealed today, the PRC Ministry of Public Security (“MPS”) and Ministry of State Security (“MSS”) directed or financed Chinese hackers, such as the defendants, to conduct computer intrusions against high-value targets in the United States and elsewhere. Victims include U.S.-based critics and dissidents of the PRC, a large religious organization in the United States, the foreign ministries of multiple governments in Asia, and U.S. federal and state government agencies, including most recently in 2024.

According to court documents, the MPS and MSS employed an extensive network of private companies and contractors in China to hack and steal information in a manner that obscured the PRC government’s direct involvement. By employing these hackers-for-hire, the PRC government further allowed these same hackers to profit by committing additional computer intrusions around the world with impunity, and then to sell stolen data through Chinese data brokers. The PRC government’s state-sponsorship and protection of these hackers resulted in the loss of sensitive, valuable and personal identification information that was a direct harm to U.S. entities and other foreign governments and victims.

In conjunction with the unsealing, the Department announced the judicially authorized seizure of internet domains linked to YIN that he used in facilitating the conspiracy’s network intrusion activity. In addition, the Department announced the judicially authorized seizure of a Virtual Private Server (“VPS”) account linked to ZHOU that he used to facilitate network intrusion activity. In conjunction with these actions, the Treasury announced sanctions against ZHOU and his company Shanghai Heiying Information Technology Company, Limited (“Shanghai Heiying”). YIN was previously sanctioned for his role in the recent Treasury network compromise in January 2025.

“These indictments and actions show this Office’s long-standing commitment to vigorously investigate and hold accountable Chinese hackers and data brokers who endanger U.S. national security and other victims across the globe,” said U.S. Attorney Edward R. Martin, Jr. “The defendants in these cases have been hacking for the Chinese government for years, and these indictments lay out the strong evidence showing their criminal wrongdoing. We, again, demand that the Chinese government put a stop to these brazen cyber criminals who are targeting victims across the globe and then monetizing the data they have stolen by selling it across China.”

“The defendants allegedly waged a yearslong hacking campaign against U.S.-based organizations to steal their data and sell it to various customers, some of whom had connections to the Chinese government,” said FBI Acting Assistant Director in Charge Roman Rozhavsky of the FBI Washington Field Office. “Today’s indictment is the first step toward bringing these perpetrators to justice for endangering U.S. national security and causing significant financial losses for both U.S. and foreign companies. The FBI and our partners will continue to pursue these hostile cyber actors to the full extent of the law.”

“The defendants’ years-long hacking conspiracy to steal data from Cleared Defense Contractors that support the U.S. military—among many other U.S.-based victims—and sell it to customers with ties to the Chinese government poses a significant threat to our national security,” said NCIS Cyber Operations Field Office Special Agent in Charge Josh Stanley. “NCIS remains committed to working with the FBI and our law enforcement partners around the world to expose malicious actors who seek to undermine the cybersecurity of the Department of the Navy.”

As alleged in the documents unsealed today, at various points between August 2013 and December 2024, YIN, ZHOU, and their unindicted co-conspirators used sophisticated hacking tools and techniques in their efforts to overcome network defenses and avoid detection of numerous hardened targets in the United States and around the world. The defendants and their co-conspirators would routinely scan victim networks for vulnerabilities, exploit those vulnerabilities with sophisticated hacking techniques, and conduct reconnaissance once inside a victim’s network. The defendants and their co-conspirators would install malware that would allow them to maintain persistent access and enable them to communicate with malicious external servers and other hacking infrastructure. The defendants and their co-conspirators would identify and steal data from the compromised networks by exfiltrating the data to servers under their control. The stolen data was then brokered for sale and provided to various customers, some of whom had connections to the PRC government and military.
