Zhou Shuai: A Hacker’s Road to APT27
US-sanctioned, allegedly APT27-associated actor Zhou Shuai represents a group of Chinese elite hackers who have become an important resource for Chinese state cyber operations.
On March 5, 2025, in addition to unsealing the i-SOON indictment, the US Department of the Treasury sanctioned Zhou Shuai (周帅) (a.k.a. Coldface), a Chinese hacker associated with the allegedly state-backed cyber threat group APT27, and Zhou’s company, Shanghai Heiying Information Technology Company (上海黑英信息技术有限公司). On the same day, the US Department of Justice (US DoJ) unsealed indictments charging Zhou Shuai and Yin Kecheng, his alleged co-conspirator, with malicious cyber activity dating from 2011 to the present day. Zhou Shuai’s name may be new to many of us. In the Chinese hacking world, however, Zhou Shuai is a renowned hacker who was among the men of the moment in the mid-90s: the first generation of Chinese patriotic hackers. In his evolution into an allegedly state-sponsored hacker behind APT27, Zhou Shuai exemplifies a cohort of highly skilled Chinese hackers who have become a significant asset for Chinese state cyber operations.



