The person at the center of this case

U.S. and foreign companies, universities, research institutes, and governmental entities

Case
#786
Source: FBI Wanted · Updated Mar 15, 2026
United States District Court for the Southern District of California; Federal Bureau of Investigation
Cold Case · Open
4 years waiting · since 2021

APT 40 CYBER ESPIONAGE ACTIVITIES

Justice for U.S. and foreign companies, universities, research institutes, and governmental entities — the trail went cold in 2021, but the truth hasn't.

Start here

Key leads to think about

🎯
suspect
Lead #1

What is the current location and status of the four indicted individuals: Zhu Yunmin, Wu Shurong, Ding Xiaoyang, and Cheng Qingmin?

🔍
evidence
Lead #2

What specific trade secrets and intellectual property were stolen, and which companies or institutions were most heavily targeted?

💡
clue
Lead #3

How did the front companies established by the PRC Ministry of State Security facilitate the cyber operations?

On May 28, 2021, a federal grand jury indicted four Chinese citizens—Zhu Yunmin, Wu Shurong, Ding Xiaoyang, and Cheng Qingmin—for operating a sophisticated cyber espionage campaign on behalf of China's Ministry of State Security from 2012 to 2018. The conspiracy targeted trade secrets and intellectual property from U.S. and foreign companies, universities, research institutes, and government entities across aerospace, defense, biomedical, and other critical sectors. The case remains active as authorities work to locate and apprehend the four fugitives and dismantle their cyber infrastructure.

More leads to consider

Beyond the top three above — each detail below could be the thread that pulls this case open.

📍
location
Lead #4

What infrastructure and command-and-control servers were used to conduct the attacks?

📞
contact
Lead #5

Were any accomplices or co-conspirators in the United States identified in the investigation?

Official wording

Source Narrative

Conspiracy to Damage Protected Computers and Commit Economic Espionage; Criminal Forfeiture

Caution: On May 28, 2021, a federal grand jury in the United States District Court for the Southern District of California returned an indictment against four People’s Republic of China (PRC) citizens for their alleged roles in a long running campaign of computer network operations targeting trade secrets, intellectual property, and other high value information from companies, universities, research institutes, and governmental entities in the United States and abroad, as well as multiple foreign governments. The indictment alleges that Zhu Yunmin, Wu Shurong, Ding Xiaoyang, and Cheng Qingmin targeted the following sectors: aerospace/aviation, biomedical, defense industrial base, healthcare, manufacturing, maritime, research institutes, transportation (rail and shipping), and virus research from 2012 to 2018, on behalf of the PRC Ministry of State Security.

Additionally, the indictment alleges the use of front companies by the PRC Ministry of State Security to conduct cyber espionage. The four individuals are identified as:

ZHU Yunmin 朱允敏 (STC Codes: 2612/0336/2404). Alias: Zhu Rong

WU Shurong 吴淑荣 (STC Codes: 0702/3219/2837). Aliases: goodperson, ha0r3n, Shi Lei

DING Xiaoyang 丁晓阳 (STC Codes: 0002/2556/7122). Aliases: Ding Hao, Manager Chen

CHENG Qingmin 程庆民 (STC Codes: 4453/1987/3046). Alias: Manager Cheng

Timeline of Events

🕵️
2012-01-01

Cyber espionage campaign begins

APT 40 begins targeting multiple sectors on behalf of PRC Ministry of State Security

🕵️
2018-12-31

Campaign period ends

Alleged cyber espionage activities conclude in 2018

🕵️
2021-05-28

Federal indictment returned

Grand jury in Southern District of California indicts four PRC citizens for conspiracy to damage protected computers and economic espionage

Case Information

Incident: January 1, 2012
Last Updated: April 29, 2026
