US Sanctions Chinese Firm Linked to Treasury Cyber Hack
U.S. Treasury Sanctions Chinese Cybersecurity Firm Over Malicious Cyber Activity
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has implemented significant sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor, citing their involvement with the notorious Salt Typhoon group. This action comes in the wake of a serious breach of the Treasury’s information technology systems, highlighting ongoing threats from state-sponsored cyber actors linked to the People’s Republic of China (PRC).
Details of the Sanctions Against Chinese Cyber Actors
The sanctions specifically target Yin Kecheng, identified as a long-time cyber actor connected to China’s Ministry of State Security (MSS). According to the Treasury’s press release, Kecheng has been associated with recent cyber intrusions into federal networks, including the Treasury Department itself, which were uncovered earlier this month.
- Breach Overview: The breach involved a hack of BeyondTrust’s systems, allowing attackers to access various Remote Support Software (SaaS) instances through a compromised API key. This incident has been attributed to the Silk Typhoon group, previously known as Hafnium, which exploited vulnerabilities in Microsoft Exchange Server in early 2021.
- Extent of the Attack: Bloomberg reports that the attackers infiltrated over 400 computers within the Treasury, stealing more than 3,000 sensitive files, including policy documents and data related to sanctions and foreign investments. Notably, they gained access to computers used by high-ranking officials, including Secretary Janet Yellen.
Impact of the Sanctions on Cybersecurity Efforts
The sanctions also target Sichuan Juxinhe Network Technology Co., LTD., a cybersecurity firm implicated in cyberattacks against major U.S. telecommunications and internet service providers. This company is linked to the Salt Typhoon hacking group, which is believed to have been active since at least 2019.
The Treasury highlighted the MSS’s close relationships with various cyber exploitation companies, including Sichuan Juxinhe. In response to these escalating threats, the Department of State’s Rewards for Justice program is offering up to $10 million for information leading to the identification of individuals engaged in malicious cyber activities against U.S. critical infrastructure.
Strengthening Cybersecurity Regulations Following Attacks
In light of these breaches, the Federal Communications Commission (FCC) has announced new regulations aimed at enhancing cybersecurity measures for U.S. telecom service providers. Outgoing FCC chairwoman Jessica Rosenworcel referred to these hacks as "one of the largest intelligence compromises ever seen."
- New FCC Requirements: The FCC is proposing that communication service providers submit annual certifications verifying that they have implemented effective cybersecurity risk management plans to mitigate future attacks.
Earlier this week, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), emphasized the seriousness of the cyber threat posed by China, labeling its sophisticated cyber program as the most significant threat to U.S. critical infrastructure.
Ongoing Efforts to Combat Cyber Threats
The recent sanctions are part of a broader strategy by the Treasury to counter malicious cyber activities linked to Chinese threat actors. Previous sanctions have included actions against companies like Integrity Technology Group and Sichuan Silence Information Technology.
The U.S. government continues to take proactive measures to safeguard its networks and critical infrastructure against foreign cyber threats.