May 28, 2024 at 05:06PM
The U.S. Treasury Department sanctioned a cybercrime network involving Chinese nationals and Thai companies connected to the “911 S5” botnet, which compromised millions of IP addresses. The network enabled cybercriminals to commit fraud and make bomb threats. Key individuals and entities have been sanctioned, prohibiting transactions and exposing violators to sanctions or enforcement actions. The use of proxy server networks in cyberespionage campaigns was also highlighted.
The U.S. Treasury Department has sanctioned a cybercrime network involving three Chinese nationals and three Thailand-based companies for their involvement in a massive botnet known as “911 S5.” This botnet controlled approximately 120,000 residential proxy nodes worldwide, communicating with offshore command-and-control servers.
The 911 S5 botnet was used to compromise millions of IP addresses, allowing cybercriminals to commit fraudulent activities, such as submitting thousands of fraudulent applications related to the Coronavirus Aid, Relief, and Economic Security Act, resulting in billions of dollars in losses. Additionally, the compromised IP addresses were used to make bomb threats in the United States.
In response, the Office of Foreign Assets Control (OFAC) sanctioned Yunhe Wang, the 911 S5 service administrator; Jingping Liu, the operation’s money launderer; and Yanni Zheng, who acted as power of attorney for Yunhe Wang. Three entities owned or controlled by Yunhe Wang were also sanctioned.
As a result of the sanctions, all transactions involving U.S. interests and properties of the designated individuals and entities are prohibited. Furthermore, dealings with sanctioned individuals and companies could expose others to sanctions or enforcement actions.
Additionally, cybersecurity firm Mandiant warned that Chinese state hackers are increasingly using vast proxy server networks to evade detection during their cyberespionage campaigns.