The person at the center of this case
U.S. and international companies, universities, research institutes, and governmental entities
Cold Case · Open
4 years waiting · since 2021
APT 40 CYBER ESPIONAGE ACTIVITIES
Justice for U.S. and international companies, universities, research institutes, and governmental entities — the trail went cold in 2021, but the truth hasn't.
Start here
Key leads to think about
🎯
suspect
Lead #1How were the four individuals coordinating cyber operations across multiple sectors and countries?
🔍
evidence
Lead #2What specific trade secrets and intellectual property were successfully exfiltrated during the 2012-2018 campaign?
💡
clue
Lead #3Which front companies were established by the PRC Ministry of State Security to conduct the cyber operations?
On May 28, 2021, a federal grand jury indicted four Chinese nationals for operating a sophisticated cyber espionage campaign targeting U.S. and foreign entities from 2012 to 2018, allegedly on behalf of China's Ministry of State Security. The conspiracy targeted trade secrets and intellectual property across aerospace, defense, biomedical, and other critical sectors through computer network intrusions and front companies. The case remains active as authorities work to locate and apprehend the four fugitives operating from mainland China.
Case
#786
United States (multi-state targeting)
U.S. District Court for the Southern District of California; Federal Bureau of Investigation
Try asking
Claim this imported case
A one-time $10 claim transfers this imported case workspace to your account. You get 10 uploads for this case, 25 daily AI questions for this case, and public tips with files route to you.
10 uploads25 AI questions/day
This does not start a subscription. When the included limits are reached, the Personal plan unlocks more workspace capacity.
More leads to consider
Beyond the top three above — each detail below could be the thread that pulls this case open.
👤
person
Lead #4Are the four fugitives still actively engaged in cyber espionage activities from mainland China?
📍
location
Lead #5What infrastructure and command-and-control servers were used to orchestrate the attacks?
Have information about any of these leads?
Even the smallest detail could be the key to solving this case.
Official wording
Source Narrative
Conspiracy to Damage Protected Computers and Commit Economic Espionage; Criminal Forfeiture Caution: On May 28, 2021, a federal grand jury in the United States District Court for the Southern District of California returned an indictment against four People’s Republic of China (PRC) citizens for their alleged roles in a long running campaign of computer network operations targeting trade secrets, intellectual property, and other high value information from companies, universities, research institutes, and governmental entities in the United States and abroad, as well as multiple foreign governments. The indictment alleges that Zhu Yunmin, Wu Shurong, Ding Xiaoyang, and Cheng Qingmin targeted the following sectors: aerospace/aviation, biomedical, defense industrial base, healthcare, manufacturing, maritime, research institutes, transportation (rail and shipping), and virus research from 2012 to 2018, on behalf of the PRC Ministry of State Security.
Additionally, the indictment alleges the use of front companies by the PRC Ministry of State Security to conduct cyber espionage. The four individuals are identified as: ZHU Yunmin 朱允敏 (STC Codes: 2612/0336/2404) Alias: Zhu Rong WU Shurong 吴淑荣 (STC Codes: 0702/3219/2837) Aliases: goodperson, ha0r3n, Shi Lei DING Xiaoyang 丁晓阳 (STC Codes: 0002/2556/7122) Aliases: Ding Hao, Manager Chen CHENG Qingmin 程庆民 (STC Codes: 4453/1987/3046) Alias: Manager Cheng
Timeline of Events
🕵️
2012
Campaign begins
Long-running cyber espionage campaign targeting U.S. and foreign entities begins
🕵️
2018
Campaign ends
Alleged cyber espionage operations conclude
📋
2021-05-28
Federal indictment
Federal grand jury in Southern District of California returns indictment against four PRC nationals for conspiracy to damage protected computers and commit economic espionage
Case Information
Incident:January 1, 2012
Last Updated:May 13, 2026
Leave a comment
Comments
Case Information
Incident:January 1, 2012
Last Updated:May 13, 2026