May 29 Washington, US:
The US Treasury Department has sanctioned three entities based in Thailand and three individuals from China for their ties to a botnet that caused the US government to lose billions of dollars due to cyber fraud, bomb threats, and COVID aid applications. Treasury Department records show that users of the 911 S5 botnet service were able to submit thousands of false applications for programmes funded by the Coronavirus Aid, Relief, and Economic Security Act, with the help of about 19 million compromised IP addresses.
With the help of the botnet, criminals were able to conduct massive cyber-enabled fraud by compromising victim computers linked to residential IP addresses. Multiple bomb threats made around the US in July 2022 were associated with the compromised IP addresses of the 911 S5 service. The sanctionees were sanctioned by a joint effort between the Singaporean and Thai government agencies, the US Department of Commerce's Office of Export Enforcement, the Defence Criminal Investigative Service, and the Federal Bureau of Investigation.
On May 28, three individuals—Yunhe Wang, Jingping Liu, and Yanni Zheng—were designated by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) for their involvement in the 911 S5 residential proxy service-related harmful botnet. For their ties to Yunhe Wang, OFAC levied sanctions on three companies: Lily Suites Company Limited, Tulip Biz Pattaya Group Company Limited, and Spicy Code Company Limited. "These individuals leveraged their malicious botnet technology to compromise personal devices, enabling cybercriminals to fraudulently secure economic assistance intended for those in need and to terrorise US citizens with bomb threats," stated Brian E. Nelson, Under Secretary.
He assured the public that the US Treasury Department would keep working with other US law enforcement agencies and foreign allies to foil the schemes of cybercriminals and other bad actors who prey on American taxpayers.
The botnet malware service infiltrated victim PCs and enabled cybercriminals to use them as proxies for their internet connections. After a hacker had used a botnet to mask their digital footprint, it seemed as though the victim's computer, not the hacker's, had been the target of their cybercrimes.
Following an order from the US Treasury Department, OFAC must be notified of and all assets and interests in assets belonging to the specified individuals and businesses that are either physically present in the US or under the control of US persons. Under the restrictions set forth by OFAC, it is usually forbidden for any transactions involving the property or interests in property of a blocked or designated company to be conducted by U.S. persons or within the United States, including transactions that transit the United States.
The US Department of Justice, the FBI, the UK Foreign, Commonwealth & Development Office (FCDO), and the US Department of State collaborated in March this year to take action against individuals associated with the Chinese state-sponsored APT 31 hacking group, according to the Treasury Department.
Wuhan Xiaoruizhi Science and Technology firm, Limited (Wuhan XRZ), a front firm situated in Wuhan, China, that has provided as cover for various harmful cyber operations, has been sanctioned by the Office of Foreign Assets Control (OFAC) of the Department of the Treasury. US national security was jeopardised when OFAC blacklisted two Chinese nationals, Zhao Guangzong and Ni Gaobin, for their involvement in hostile cyber activities against US firms operating within US critical infrastructure sectors.
