The person at the center of this case
Multiple victims worldwide (scores of organizations and individuals)
Justice for multiple victims worldwide (scores of organizations and individuals): the trail went cold in 2026, but the truth hasn't.
Start here
Where is Yin Kecheng currently located and what protective measures has he taken to avoid apprehension?
What specific vulnerabilities were exploited in victim networks and how can organizations defend against similar attacks?
Who are the identified customers and intermediaries that purchased stolen data, and what government connections exist?
Yin Kecheng is wanted by the FBI for his alleged involvement in a sophisticated international cybercrime conspiracy spanning 2013-2020, where he and co-conspirators compromised networks, stole data from scores of victims worldwide, and sold stolen information to customers including PRC government agencies. The investigation revealed the use of advanced malware like PlugX to maintain persistent access to victim networks, with stolen data brokered through intermediaries like i-Soon. Yin Kecheng remains at large with a reward of up to $2,000,000, and his apprehension is critical to disrupting ongoing cyber espionage operations and holding accountable those who facilitate data theft on a global scale.
Beyond the top three above, each detail below could be the thread that pulls this case open.
What role did Zhou Shuai and i-Soon play in distributing stolen data to PRC Ministry of State Security and Ministry of Public Safety?
What servers and infrastructure were used to exfiltrate and store stolen data, and can they be traced and seized?
Even the smallest detail could be the key to solving this case.
Official wording
Conspiracy to Cause Damage To, and Obtain Information By Unauthorized Access To, Protected Computers, to Commit Wire Fraud, and to Commit Aggravated Identity Theft; Wire Fraud; Obtaining Information by Unauthorized Access to Protected Computers; Intentionally Causing Damage to Protected Computers; Aggravated Identity Theft; Money Laundering
Caution: Yin Kecheng and Zhou Shuai are wanted for their alleged involvement in compromising and stealing data belonging to scores of victims around the world. The men, and their co-conspirators, allegedly exploited vulnerabilities in victim networks, conducted reconnaissance once inside those networks, and installed malware, such as PlugX malware, that provided persistent access.
The men then allegedly identified and stole data from the compromised networks by exfiltrating it to servers under their control. They also allegedly brokered stolen data for sale and provided it to various customers, only some of whom had connections to the PRC government and military.
Zhou Shuai allegedly sold data stolen by Yin Kecheng through i-Soon, a company whose primary customers included the PRC Ministry of State Security (MSS) and the Ministry of Public Safety (MPS). In 2018 and 2023, Grand Juries in the District of Columbia returned indictments against Yin Kecheng on multiple charges related to criminal activity occurring between 2013 and 2020.
Remarks: Yin Kecheng was last known to reside in Shanghai, China.
Alleged unauthorized access and data theft activities commence
Alleged criminal activities conclude
Grand Jury in District of Columbia returns indictment against Yin Kecheng
Grand Jury in District of Columbia returns additional indictment against Yin Kecheng
For information leading to the resolution of this case