The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has announced sanctions against a Chinese cybersecurity firm and a cyber actor based in Shanghai due to their alleged connections with the Salt Typhoon group and a recent breach of federal systems.
The Treasury stated that malicious cyber activities linked to the People’s Republic of China (PRC) persistently target U.S. government networks, including recent intrusions into Treasury’s IT systems and critical infrastructure.
The sanctions specifically name Yin Kecheng, identified as a cyber actor with over a decade of affiliation with China’s Ministry of State Security (MSS). Kecheng is believed to be connected to a recent breach of Treasury’s network.
A separate hacking incident involved BeyondTrust, where attackers compromised its systems, using a stolen Remote Support SaaS API key to infiltrate its services. This activity is attributed to the Silk Typhoon group, which previously exploited multiple vulnerabilities in Microsoft Exchange Server in early 2021.
According to Bloomberg, the attackers infiltrated at least 400 Treasury computers, acquiring over 3,000 sensitive files, including travel documents, organizational structures, and sensitive data pertaining to law enforcement. Unauthorized access was also gained to the computers of Treasury officials like Secretary Janet Yellen and Deputy Secretary Adewale Adeyemo.
Furthermore, the sanctions extend to Sichuan Juxinhe Network Technology Co., LTD., a cybersecurity firm in Sichuan, linked to a series of cyberattacks against major U.S. telecommunications providers. This group, known as Salt Typhoon, has reportedly been active since 2019 and maintains strong ties with the MSS.
In response to the ongoing cyber threats, the Department of State’s Rewards for Justice program is offering up to $10 million for information leading to the identification of individuals engaged in state-sponsored cyber activities targeting U.S. infrastructure. The Federal Communications Commission (FCC) has also implemented new regulations to improve network security following these intrusions.