The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged ties to the Salt Typhoon group and the recent compromise of a federal agency.
“Cyber attackers associated with the People’s Republic of China (PRC) continue to target US government systems, including the recent attack on the Treasury Department’s information technology (IT) systems, as well as sensitive critical US infrastructure,” the Treasury Department said in a statement. said in a press release.
The sanctions target Yin Kecheng, who is estimated to have been a cyber actor for more than a decade and is linked to China’s Ministry of State Security (MSS). Kecheng, according to the Treasury, was associated with breach of own network which became known at the beginning of this month.
A. participated in the incident hacking BeyondTrust systems which allowed threat actors to infiltrate some instances of the company’s Remote Support SaaS using a compromised Remote Support SaaS API key. The activity was attributed to a national group called Silk Typhoon (formerly Hafnium), which was linked to exploiting multiple security flaws (aka ProxyLogon) in Microsoft Exchange Server in early 2021.
According to A a recent report According to Bloomberg, attackers hacked at least 400 computers belonging to the Treasury Department and stole more than 3,000 files, including policy and travel documents, organizational charts, materials on sanctions and foreign investment, and data that has relationship with law enforcement agencies.
They also won unauthorized access to computers were used by Secretary Janet Yellen, Under Secretary Adewale Adeyema, and Acting Under Secretary Bradley T. Smith, as well as materials on investigations conducted by the Committee on Foreign Investment in the United States, are attached to the report.
Silk Typhoon is believed to overlap with a cluster tracked by Google-owned Mandiant under the alias UNC5221the China-Nexus espionage actor known for its extensive arsenal of Ivanti zero-day vulnerabilities. Hacker News has reached out to Mandiant for further comment and we will update when we hear back.
The sanctions also target Sichuan Juxinhe Network Technology Co., LTD., a cybersecurity company based in Sichuan that the Treasury Department says was directly involved in a series of cyberattacks targeting major U.S. telecommunications and Internet providers in the country.
This activity was linked to another Chinese hacking group Salt typhoon (aka Earth Estries, FamousSparrow, GhostEmperor and UNC2286). The threat is believed to have been active since at least 2019.
“MSS maintains close ties with many companies involved in the operation of computer networks, including Sichuan Juxinhe,” the Ministry of Finance said.
Special mention should be made of the State Department’s justice award program proposal a reward of up to $10 million for information leading to the identification or location of any person acting at the direction or control of a foreign-sponsored adversary who engages in malicious cyber activity against US critical infrastructure in violation of the Computer Security Act fraud and abuse.
“The Treasury Department will continue to use its authority to prosecute cybercriminals who target the American people, our companies, and the United States government, including those who specifically target the Treasury Department,” Adeyema said in a statement.
Attacks on US telecommunications service providers have since prompted the Federal Communications Commission (FCC). question new regulations requiring companies operating in the sector to protect their networks from illegal access or interception of communications. Outgoing FCC Chairman Jessica Rosenwortzel described the hacks as “one of the largest data compromises ever seen.”
“This action is accompanied by a proposal to require communications service providers to provide annual certification to the FCC that they have established, updated, and implemented a cybersecurity risk management plan that will fortify communications against future cyberattacks,” the FCC said. .
Earlier this week, Jen Easterly, director of the Cyber Security and Infrastructure Security Agency (CISA), said “China’s sophisticated and resource-rich cyber program represents the most serious and significant cyber threat to our country and, in particular, to US critical infrastructure.”
Easter too revealed that Salt Typhoon was first discovered on federal networks, long before the cyber-espionage group penetrated the networks of AT&T, Lumen Technologies, T-Mobile, Verizon and other providers.
This is just the latest in a long list of steps taken by the Treasury Department in an attempt to combat the malicious cyber activity of Chinese threats. Three more companies were previously sanctioned by the agency, Integrity Technology Group (Linen typhoon), Sichuan Information Technology of Silence (Pacific Rim), and Wuhan Xiaoruizhi Science and Technology Company (APT31).
