US sanctions 3 Chinese nationals, 3 Thai entities over cyberfraud linked to bomb threat, COVID relief
May 29, 2024
Washington [US], May 29: Three Chinese nationals and three Thailand-based entities have been sanctioned by the US Treasury Department for being associated with a malicious botnet that enabled users to commit cyber fraud, including making bomb threats and applying for COVID aid, which resulted in the loss of billions of dollars to the US government.
According to the Treasury Department, the 911 S5 botnet service compromised approximately 19 million IP addresses and facilitated the submission of tens of thousands of fraudulent applications related to the Coronavirus Aid, Relief, and Economic Security Act programs by its users.
The botnet enabled users to commit widespread cyber-enabled fraud using compromised victim computers that were associated with residential IP addresses.
The IP addresses compromised by the 911 S5 service were also linked to a series of bomb threats made throughout the United States in July 2022.
The Federal Bureau of Investigation, the Defence Criminal Investigative Service, and the US Department of Commerce's Office of Export Enforcement, as well as partners in Singapore and Thailand, joined forces to sanction the individuals and entities.
The US Department of the Treasury's Office of Foreign Assets Control (OFAC) on May 28 designated three individuals, Yunhe Wang, Jingping Liu, and Yanni Zheng, for their activities associated with the malicious botnet tied to the residential proxy service known as 911 S5.
OFAC also sanctioned three entities, Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited, for being owned or controlled by Yunhe Wang.
"These individuals leveraged their malicious botnet technology to compromise personal devices, enabling cybercriminals to fraudulently secure economic assistance intended for those in need and to terrorize US citizens with bomb threats," said Under Secretary Brian E Nelson.
He said that the Treasury Department, in close coordination with US law enforcement colleagues and international partners, will continue to take action to disrupt cybercriminals and other illicit actors who seek to steal from US taxpayers.
The malicious botnet service compromised victim computers and allowed cybercriminals to proxy their internet connections through these compromised computers. Once a cybercriminal had disguised their digital tracks through the botnet, their cybercrimes appeared to trace back to the victim's computer instead of their own.
As a result of the US Treasury Department's action, all property and interests in property of the designated individuals and entities that are in the United States or in the possession or control of US persons must be blocked and reported to OFAC.
OFAC's regulations generally prohibit all dealings by U.S. persons or within the United States (including transactions transiting the United States) that involve any property or interests in property of a blocked or designated entity.
In March this year, the Treasury Department said that, in a collaborative action, the US Department of Justice, Federal Bureau of Investigation (FBI), Department of State, and the United Kingdom Foreign, Commonwealth & Development Office (FCDO) had taken action against actors affiliated with the Chinese state-sponsored APT 31 hacking group.
The Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a Wuhan, China-based Ministry of State Security (MSS) front company that has served as cover for multiple malicious cyber operations.
OFAC also designated Zhao Guangzong and Ni Gaobin, two Chinese nationals affiliated with Wuhan XRZ, for their roles in malicious cyber operations targeting US entities that operate within US critical infrastructure sectors, directly endangering US national security.