US sanctions three Chinese individuals for their involvement in cybercrime network
The US Treasury Department has sanctioned three Chinese individuals and three Thai companies over their involvement in a cybercrime network.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) said it designated three individuals, Yunhe Wang, Jingping Liu, and Yanni Zheng, for their activities associated with the malicious botnet tied to the residential proxy service known as 911 S5.
"OFAC also sanctioned three entities—Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited—for being owned or controlled by Yunhe Wang," the department said.
“These individuals leveraged their malicious botnet technology to compromise personal devices, enabling cybercriminals to fraudulently secure economic assistance intended for those in need and to terrorize our citizens with bomb threats,” said Under Secretary Brian E. Nelson. “Treasury, in close coordination with our law enforcement colleagues and international partners, will continue to take action to disrupt cybercriminals and other illicit actors who seek to steal from U.S. taxpayers.”
The 911 S5 botnet was a malicious service that compromised victim computers and allowed cybercriminals to proxy their internet connections through these compromised computers, OFAC said in a statement.
Once a cybercriminal had disguised their digital tracks through the 911 S5 botnet, their cybercrimes appeared to trace back to the victim’s computer instead of their own.
The 911 S5 botnet compromised approximately 19 million IP addresses and facilitated the submission of tens of thousands of fraudulent applications related to the Coronavirus Aid, Relief, and Economic Security Act programs by its users, resulting in the loss of billions of dollars to the U.S. government.
The 911 S5 service enabled users to commit widespread cyber-enabled fraud using compromised victim computers that were associated with residential IP addresses.
The IP addresses compromised by the 911 S5 service were also linked to a series of bomb threats made throughout the United States in July 2022.