US Sanctions Target Chinese Companies and Individuals Over Telecommunications and Treasury Department Intrusions

On Friday, January 17, the U.S. Department of the Treasury announced sanctions on Chinese companies directly linked to the Chinese hacking group “Salt Typhoon”, which recently targeted the infrastructure of several major U.S. telecommunications companies. The campaign was one of a series of Chinese cyber espionage activities that shocked the U.S. government last year.

According to a statement released by the Treasury Department, the Office of Foreign Assets Control (OFAC) imposed sanctions on the cybersecurity company Sichuan Juxinhe Network Technology Co., Ltd., which was directly involved in the “Salt Typhoon” operation, along with Shanghai hacker Yin Kecheng, who was involved in recent cyber intrusions targeting the U.S. Treasury Department.

Deputy Treasury Secretary Wally Adeyemo stated that the Treasury Department will continue to utilize its power to hold accountable malicious cyber actors targeting the American people, U.S. companies, and the U.S. government, including hackers specifically targeting the Treasury Department.

The Treasury Department’s statement said that the malicious cyber group “Salt Typhoon” has been active since at least 2019 and has carried out multiple intrusions into the network infrastructure of U.S. telecommunications companies.

In November of last year, the group attacked the network infrastructure of several major U.S. telecommunications companies, marking a significant escalation by the Chinese authorities in targeting critical U.S. infrastructure.

The statement indicated that the sanctioned Sichuan company was directly involved in the attacks on U.S. telecommunications companies, and that the Chinese Ministry of State Security maintains close connections with several computer network companies, including Sichuan Juxinhe.

The Chinese hackers of “Salt Typhoon” infiltrated at least 9 U.S. telecommunications and telecommunications infrastructure companies, and are suspected of conducting surveillance on Washington political officials and business elites, including President Trump, Vice President Harris, and Vice President Pence.

The statement revealed that Yin Kecheng, the Chinese hacker involved in recent attacks on the Treasury Department’s network, has been engaged in related activities for over a decade and has ties to the Chinese Ministry of State Security.

On December 30, the Treasury Department informed Congress that Chinese-backed hackers had breached the Department’s computers, accessing some “workstations”, meaning the personal computers or terminals used by employees. The hackers breached a third-party cybersecurity service provider for the Treasury Department, gaining access to non-sensitive documents.

The Chinese hackers also infiltrated the Committee on Foreign Investment in the United States (CFIUS) and the Office of Foreign Assets Control (OFAC). CFIUS, chaired by the Treasury Secretary, is responsible for reviewing foreign investments in the U.S. for national security risks. The committee has broad powers to block Chinese investments in the U.S.

The infiltration of OFAC could potentially lead to the disclosure of sensitive information related to government sanctions deliberations. Even non-sensitive records could provide adversaries with enough information to understand how the U.S. formulates sanctions against foreign targets and possibly to identify those targets.

All assets and property interests of the designated individuals and entities that are in the U.S. or held or controlled by U.S. persons are frozen and must be reported to OFAC. Additionally, any entity owned 50% or more, directly or indirectly, by designated individuals and entities is also frozen.

Unless authorized or exempted by OFAC, U.S. sanctions typically prohibit any transactions by U.S. persons, or within (or through) the U.S., that involve the property or interests of designated individuals and entities.

Violations of sanctions can result in civil or criminal penalties imposed on U.S. and foreign individuals.

This action is one of a series of sanctions imposed by the U.S. Treasury Department in response to malicious Chinese cyber attacks.

On January 3, the Treasury Department imposed cyber security sanctions on China’s Integrity Technology Group, alleging the company supported the Chinese hacking group “Linen Typhoon” and played a role in multiple computer intrusion incidents suffered by U.S. victims.

On December 10, the U.S. government announced sanctions on the Chinese cyber security company “Sichuan Silent Information Technology Company” and its employee Guan Tianfeng. Sichuan Silent claimed to be a major network security support unit of the Chinese Ministry of Public Security and the “national important vulnerability platform support unit” of the Chinese government.

Guan Tianfeng was accused of exploiting a “zero-day vulnerability” in a firewall product of the British cybersecurity company Sophos, deploying malicious software to around 81,000 firewall products used by thousands of global enterprises.

The State Department also announced a reward of up to $10 million for information that identifies or locates Guan Tianfeng, or any individual conducting certain malicious cyber activities against U.S. critical infrastructure under the direction or control of a foreign government. These activities violate the U.S. Computer Fraud and Abuse Act.

On March 25 of last year, the U.S. imposed sanctions on Wuhan Xiaoruizhi Science And Technology Company Ltd and two Chinese men, Ni Gaobin and Zhao Guangzong. The Treasury Department stated that officials from APT31, a subsidiary organization of the Chinese Ministry of State Security, established this company as a cover for targeting senior U.S. officials and their advisors, along with some of the most critical infrastructure sectors.