US Names and Sanctions Hackers Accused of Treasury Breach

Filip TRUȚĂ

January 22, 2025


The United States is sanctioning Chinese parties for their alleged involvement in high-profile hacks on US organizations, including the recent attack on the Treasury Department.

The US Treasury Department revealed in a press release that authorities know full well who orchestrated the recent wave of cyberattacks targeting US telecoms and government agencies, including the recent breach of the Treasury itself through a vulnerable services provider.

“Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) is sanctioning Yin Kecheng, a Shanghai-based cyber actor who was involved with the recent Department of the Treasury network compromise,” reads the press release. “Additionally, OFAC is sanctioning Sichuan Juxinhe Network Technology Co., LTD., a Sichuan-based cybersecurity company with direct involvement in the Salt Typhoon cyber group, which recently compromised the network infrastructure of multiple major U.S. telecommunication and internet service provider companies.”

Chinese state-backed cyber actors continue to present some of the most serious and persistent threats to US national security, the Treasury says, citing the most recent Office of the Director of National Intelligence Annual Threat Assessment.

Key hacker identified as Yin Kecheng

A key figure behind the recent Treasury breach has been identified as Yin Kecheng, a Chinese national known to have been working for the Chinese security service for over a decade.

“Yin Kecheng has been a cyber actor for over a decade and is affiliated with the People’s Republic of China Ministry of State Security (MSS),” the Treasury notes. “Yin Kecheng was associated with the recent compromise of the Department of the Treasury’s Departmental Offices network.”

OFAC is sanctioning Yin Kecheng as contributing to “a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.”

Salt Typhoon and Sichuan Juxinhe

The Treasury names Sichuan Juxinhe Network Technology, a Sichuan-based cybersecurity company, as having direct involvement in the Salt Typhoon cyber group, said to be responsible for the recent compromise of the network infrastructure of multiple major US telecom and internet service provider companies.

“Salt Typhoon has been active since at least 2019 and has been responsible for numerous compromises of U.S. companies in the communication sector,” the notice continues. […] “The Salt Typhoon intrusions are one example of an increasing number of PRC state-backed malicious cyber activities, which necessitate costly remediation efforts. […] Sichuan Juxinhe had direct involvement in the exploitation of these U.S. telecommunication and internet service provider companies.”

OFAC is sanctioning Sichuan Juxinhe as having “materially contributed to a threat to the national security, foreign policy, or economic health or financial stability of the United States [with the] purpose or effect of harming, or otherwise compromising the provision of services by, a computer or network of computers that support one or more entities in a critical infrastructure sector.”

As a result of this action, all property and interests in property of the designated entities that are in the United States or in the possession or control of US persons are blocked and must be reported to OFAC. Anyone who deals with these entities from now on may face civil or criminal penalties.

Multiple sanctions on Chinese actors

These designations are only the latest in a series of Treasury sanctions aimed at combatting increasingly reckless cyber activity by the PRC and PRC-based actors, including:

· The Jan. 3, 2025 designation of Integrity Technology Group, Inc. for its role in Flax Typhoon malicious cyber activity
· The Dec. 10, 2024 designation of Sichuan Silence Information Technology Company, Ltd. and one of its employees for dangerous firewall compromises
· The March 25, 2024 designation of Wuhan Xiaoruizhi Science and Technology Company, Ltd. and two of its employees as Advanced Persistent Threat (APT) 31 malicious cyber actors

“These all represent dangerous cyber activities directed at the United States, its partners, and allies,” the Treasury stresses.

Unnamed US officials cited by The Washington Post say the hackers’ mission in the Treasury breach was (ironically) to obtain information on upcoming sanctions imposed by the US on China.

The US Department of State’s Rewards for Justice program is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act.

Author


Filip TRUȚĂ

Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
