
i-Soon Exposed: Inside China’s “Hackers-for-Hire” Network Unmasked by the U.S.

  • Sanket Kamble
  • Apr 18
  • 3 min read


In a dramatic blow to China's covert cyber operations, the U.S. Justice Department has unsealed indictments charging employees of i-Soon (Anxun Information Technology), a Chinese cybersecurity firm, with running widespread hacking campaigns at the direction of China’s Ministry of State Security (MSS) and Ministry of Public Security (MPS).


Dubbed “hackers-for-hire”, i-Soon operatives allegedly targeted everything from U.S. federal agencies and state departments to journalists, human rights activists, and even Chinese dissidents overseas. This revelation adds to growing global concerns about China’s use of private firms as cyber mercenaries, blurring the lines between state-sponsored espionage and commercial cybercrime.


The Thrilling Leak That Started It All

In early 2024, a rare and unauthorized leak of internal i-Soon documents shocked the cybersecurity world. The leak revealed:

- Tools and services used to spy on pro-democracy activists in Hong Kong and Uyghur Muslims in Xinjiang.

- Evidence of foreign surveillance, social media manipulation, and data theft campaigns.

- A chilling reality: Private Chinese companies actively support state surveillance and repression both at home and abroad.


Thrilling fact: Among the disclosed targets was the U.S. Department of the Treasury, breached in late 2024. This means critical American financial data may have fallen into foreign hands without the public even knowing until now.


Who Was Targeted?

According to the indictments, the i-Soon team cast a wide net, hacking:

- U.S. Federal and State Agencies

- Journalists and Human Rights Groups

- Chinese Pro-Democracy Dissidents living abroad

- Corporate networks in various industries

- Foreign government databases in Europe and Asia


They even engaged in for-profit hacking, stealing data that had no strategic value to China—only to sell it to third parties. This shows that i-Soon wasn't just a state-backed operation—they were also running a global cybercrime business.


The Faces Behind the Screens

The U.S. has named and charged multiple i-Soon employees, including:

- Wu Haibo, CEO

- Chen Cheng, COO

- Liang Guodong, Tech Staff

- Wang Zhe, Sales Director

- Zhou Weiwei, Tech Staff

...and more—including officers from China’s Ministry of Public Security.


The U.S. has also unsealed separate indictments against Yin Kecheng and Zhou Shuai (aka Coldface), linked to the APT27 hacking group, known for cyber-espionage campaigns dating back to 2013.

Interesting twist: The U.S. is now offering rewards for tips on these individuals, showing how serious this operation is. It’s no longer just about cybersecurity; it’s about international justice.


Unique Perspective: When Cybersecurity Becomes Cyber Oppression

This case shines a light on a disturbing trend: authoritarian regimes are outsourcing repression to tech-savvy companies, effectively turning the cybersecurity industry into an extension of state surveillance.


i-Soon’s dual role, protecting networks on one hand and hacking them on the other, raises a vital question: Can any private firm operating under repressive regimes truly be trusted with global data?

In a world where private firms can act as cyber arms dealers, there's a real risk that your data may become collateral in a government’s quest for control, especially if that data crosses international borders.


What This Means for the World

The i-Soon indictments show that:

- State-backed cyberattacks are evolving, and private firms are the new frontline soldiers.

- Espionage has gone commercial, making cybercrime more profitable, scalable, and dangerous.

- The West is willing to name and shame, seize domains, and pursue international justice, even if the culprits are beyond immediate reach.


This isn't just a tale of data breaches. It’s a global warning: cyber warfare is no longer reserved for nation-states; it’s now a booming private industry.


The i-Soon saga isn’t just about indictments and hacking tools. It’s about a new era of digital repression, where private firms wear the mask of security but act as agents of control. And as governments worldwide race to defend their networks, we’re left to ask:


If your cybersecurity is being handled by a private company with ties to authoritarian regimes, are you truly safe, or just being silently watched?



 
 
 
