CSC News Table of Contents
Treasury Sanctions Cyber Actors Behind Treasury Network Breach: The Treasury has sanctioned cyber actors responsible for the recent breach of the Department of the Treasury’s network infrastructure.
This action, led by the Office of Foreign Assets Control (OFAC), targets Yin Kecheng, a Shanghai-based cyber actor, and Sichuan Juxinhe Network Technology Co., LTD., a cybersecurity company with ties to the malicious Salt Typhoon group.
These sanctions underline the growing threat from Chinese state-backed cyber activities, which continue to endanger U.S. government systems and critical infrastructure.
Key Takeaway to Treasury Sanctions Cyber Actors:
- Treasury Sanctions Cyber Actors: The U.S. Treasury is intensifying efforts to hold malicious cyber actors accountable for compromising national security.
Treasury Sanctions Cyber Actors for Hacking Treasury Networks
Who Is Involved?
The sanctions target two key entities:
- Yin Kecheng – A cyber actor affiliated with the People’s Republic of China (PRC) Ministry of State Security (MSS). Yin Kecheng has a decade-long history of cyber activities and was directly involved in the compromise of the Department of the Treasury’s network.
- Sichuan Juxinhe Network Technology Co., LTD. – A Chinese cybersecurity company linked to Salt Typhoon, a group responsible for numerous attacks on U.S. telecommunications and internet service providers since 2019.
What Did They Do?
The targeted actors:
- Breached U.S. Treasury IT systems, exposing sensitive data.
- Compromised multiple U.S. telecommunication networks.
- Conducted state-backed cyber activities that posed significant risks to U.S. national security and economic stability.
Easterly further disclosed that Salt Typhoon was initially detected on federal networks long before the cyber espionage group managed to infiltrate the systems of major telecommunication giants.
These companies included AT&T, Lumen Technologies, T-Mobile, Verizon, and several other internet service providers.
The early detection of federal systems highlighted the group’s sophisticated tactics, as they later expanded their operations to compromise critical infrastructure in the private sector.
This progression underscores the growing threat posed by state-backed cyber actors, who often target government systems as a precursor to broader, more damaging campaigns.
Salt Typhoon and Its Impact
Salt Typhoon, active since 2019, has escalated its operations significantly. This group, with ties to the MSS, exploited vulnerabilities in U.S. infrastructure to:
- Disrupt critical services.
- Extract sensitive information requiring costly remediation efforts.
Real-Life Example: Similar attacks, such as the SolarWinds breach in 2020, exposed vulnerabilities in U.S. systems.
Sanctions and Implications
Under Executive Order 13694, as amended, OFAC has blocked all U.S.-linked property and interests of these entities. These sanctions:
- Prohibit U.S. persons from transacting with designated entities.
- Block property owned by these actors within U.S. jurisdiction.
- Penalize violations with severe civil or criminal consequences.
The goal is not merely punitive but to prompt behavioral change, safeguarding U.S. systems and promoting global cybersecurity standards.
About Sichuan Juxinhe Network Technology Co., LTD.
Sichuan Juxinhe Network Technology Co., LTD. is a Chinese cybersecurity company with direct ties to the Salt Typhoon group and the MSS. Learn more about the company here.
Rounding Up
The Treasury’s actions highlight the increasing danger of state-backed cyber threats to national security. By holding cyber actors accountable, the U.S. aims to mitigate risks and promote a more secure digital environment.
As these threats evolve, global cooperation and robust cybersecurity measures remain crucial to counteract malicious activities.
FAQs
What is a Salt Typhoon?
- It is a Chinese cyber group linked to the MSS, which is responsible for compromising U.S. telecommunications and critical infrastructure.
What are the implications of these sanctions?
- They block U.S.-linked assets and prohibit transactions, ensuring entities face economic consequences.
Who is Yin Kecheng?
- A Shanghai-based cyber actor involved in the Treasury network breach and affiliated with the PRC’s Ministry of State Security.
What does Executive Order 13694 entail?
- It allows sanctions against entities engaging in malicious cyber activities that threaten U.S. security and stability.
How can individuals help?
- Report cyber threats and suspicious activities. Rewards for Justice offers up to $10 million for tips leading to the identification of malicious cyber actors. Visit their website for details.
