The recent breach of the Department of Treasury’s network by a cyber actor based in Shanghai has prompted the Department of the Treasury’s Office of Foreign Assets Control (OFAC) to take action. OFAC announced that it is sanctioning Yin Kecheng, the individual responsible for the breach, in an effort to combat malicious cyber activity by the People’s Republic of China (PRC) and PRC-backed actors.
In addition to Yin Kecheng, OFAC is also imposing sanctions on Sichuan Juxinhe Network Technology, a cybersecurity company based in Sichuan that has ties to Salt Typhoon, a Chinese state-backed cybercriminal group. This group has been involved in compromising major US telecommunications companies and ISPs. These designations are part of a series of moves made by the Treasury to address cyber threats emanating from China.
Previous sanctions have targeted groups like Integrity Technology Group, known for its association with Flax Typhoon activity, as well as Sichuan Silence Information Technology and Wuhan Xiaoruizhi Science and Technology. By imposing sanctions on these entities, the Treasury Department aims to hold accountable those who engage in malicious cyber activities targeting the American people, companies, and government.
“The Treasury Department will continue to use its authorities to hold accountable malicious cyber actors who target the American people, our companies, and the United States government, including those who have targeted the Treasury Department specifically,” said Adewale Adeyemo, deputy secretary of the Treasury Department.
The US Department of State’s Rewards for Justice program is also taking action by offering up to $10 million for any information leading to the identification or location of individuals engaging in malicious cyber activities against US critical infrastructure under the direction of a foreign government. This initiative is part of a broader effort to enhance cybersecurity and protect vital national interests.
The escalating tensions in cyberspace underscore the growing importance of defending against cyber threats and holding accountable those responsible for malicious cyber activities. As the US government seeks to safeguard its networks and critical infrastructure, it remains vigilant in identifying and countering cyber threats posed by hostile actors, both state-sponsored and criminal in nature. The sanctions imposed by OFAC serve as a warning to those who seek to undermine US cybersecurity and national security interests.