The person at the center of this case
Multiple international cybercrime victims (data theft)
Cold Case · Open
94 days waiting
ZHOU SHUAI
Justice for Multiple international cybercrime victims (data theft) — the trail went cold in 2026, but the truth hasn't.
Start here
Key leads to think about
🎯
suspect
Lead #1What is Zhou Shuai's current location and how has he evaded international law enforcement since 2023?
🔍
evidence
Lead #2What specific vulnerabilities in victim networks were exploited and how was the PlugX malware deployed?
📞
contact
Lead #3Who were the specific customers and government entities that purchased stolen data from i-Soon?
Zhou Shuai is wanted by the FBI for his alleged involvement in a sophisticated international cybercrime conspiracy between 2018 and 2020, in which he and co-conspirators compromised networks, stole sensitive data from scores of victims worldwide, and sold that data to customers including Chinese government agencies. The investigation revealed that Zhou Shuai brokered stolen data through i-Soon, a company whose primary clients were the PRC Ministry of State Security and Ministry of Public Safety. Zhou Shuai's current whereabouts remain unknown, though he was last known to reside in Shanghai, China, and the FBI is offering up to $2 million for information leading to his location and arrest.
Try asking
Claim this imported case
A one-time $10 claim transfers this imported case workspace to your account. You get 10 uploads for this case, 25 daily AI questions for this case, and public tips with files route to you.
10 uploads25 AI questions/day
This does not start a subscription. When the included limits are reached, the Personal plan unlocks more workspace capacity.
More leads to consider
Beyond the top three above — each detail below could be the thread that pulls this case open.
💡
clue
Lead #4What data exfiltration servers under Zhou Shuai's control can be identified and traced?
👤
person
Lead #5What is the relationship between Zhou Shuai and co-conspirator Yin Kecheng, and are they still operating together?
Have information about any of these leads?
Even the smallest detail could be the key to solving this case.
Official wording
Source Narrative
Conspiracy to Cause Damage To, and Obtain Information By Unauthorized Access To, Protected Computers, to Commit Wire Fraud, and to Commit Aggravated Identity Theft; Wire Fraud; Obtaining Information by Unauthorized Access to Protected Computers; Intentionally Causing Damage to Protected Computers; Aggravated Identity Theft; Money Laundering Caution: Zhou Shuai and Yin Kecheng are wanted for their alleged involvement in compromising and stealing data belonging to scores of victims around the world. The men, and their co-conspirators, allegedly exploited vulnerabilities in victim networks, conducted reconnaissance once inside those networks, and installed malware, such as PlugX malware, that provided persistent access.
The men then allegedly identified and stole data from the compromised networks by exfiltrating it to servers under their control. They also allegedly brokered stolen data for sale and provided it to various customers, only some of whom had connections to the PRC government and military.
Zhou Shuai allegedly sold data stolen by Yin Kecheng through i-Soon, a company whose primary customers included the PRC Ministry of State Security (MSS) and the Ministry of Public Safety (MPS). In 2023, a Grand Jury in the District of Columbia returned an indictment against Zhou Shuai on multiple charges related to criminal activity occurring between 2018 and 2020.
Remarks: Zhou Shuai was last known to reside in Shanghai, China.
Timeline of Events
🕵️
2018
Criminal Activity Period Begins
Zhou Shuai and co-conspirators begin exploiting network vulnerabilities and installing malware such as PlugX
🕵️
2020
Criminal Activity Period Ends
Alleged criminal activity concludes
🕵️
2023
Federal Indictment
Grand Jury in the District of Columbia returns indictment against Zhou Shuai on multiple charges including conspiracy, wire fraud, unauthorized computer access, and aggravated identity theft
Key Locations
Interactive map showing important locations related to this case
Case Information
Incident:January 1, 2018
Last Updated:June 15, 2026
Up to $2,000,000 Reward
For information leading to the resolution of this case
Leave a comment
Comments
Case Information
Incident:January 1, 2018
Last Updated:June 15, 2026
Up to $2,000,000 Reward
For information leading to the resolution of this case