US places $2 million offers on malicious cyber actors from China

Admin I Wednesday, March 05, 2026

 

WASHINGTON – The United States Department of State’s Bureau of International Narcotics and Law Enforcement Affairs today announced
two reward offers under the Transnational Organized Crime Rewards Program (TOCRP) of up to $2 million each for information leading to the arrests and/or convictions, in any country, of malicious cyber actors Yin KeCheng and Zhou Shuai, both Chinese nationals residing in China.

Yin and Zhou were identified as associated with an advanced persistent threat group (APT27), who are also known to private sector security researchers as “Threat Group 3390,” “Bronze Union,” “Emissary Panda,” “Lucky Mouse,” “Iron Tiger,” “UTA0178,” “UNC 5221,” and “Silk Typhoon.”

Yin and Zhou according to the department are longtime members of the eco-system China uses to perpetuate its malicious cyber activity.

“They enrich themselves financially as hackers for hire for a myriad of Chinese entities”, the department said.

An FBI investigation of APT27, which began in approximately 2014, resulted in two separate indictments, announced today by the Department of Justice.

Yin is charged individually for cybercrime activity occurring from roughly 2013 to 2015, while Yin and Zhou are charged together in a separate conspiracy related to computer network intrusion activity occurring from roughly 2018 to 2020.

Yin and Zhou are each charged with wire fraud, money laundering, aggravated identity theft, and violations of the Computer Fraud and Abuse Act.

The reward offers also complement the announcement today of a Treasury sanctions action by the Office of Foreign Assets Control (OFAC) against Zhou and his company Shanghai Heiying Information Technology.

The combined actions represent a whole of government effort to combat malicious cyber actors.