U.S. Sanctions Chinese Cybersecurity Firm for Treasury Hack Linked to Silk Typhoon


In a bold move against cyber threats, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has announced sanctions against a Chinese cybersecurity firm and a Shanghai-based cyber actor for their involvement in a sophisticated hack tied to the notorious Silk Typhoon group.


Cyber Espionage Targets U.S. Treasury and Critical Infrastructure

The Treasury Department revealed in a press release that People's Republic of China (PRC)-linked cyber actors have systematically targeted U.S. government systems and critical infrastructure. These activities include a recent breach of Treasury's IT systems, a major cybersecurity incident linked to China's Ministry of State Security (MSS).


Who is Yin Kecheng?

Yin Kecheng, identified as a seasoned cyber actor associated with MSS, has been accused of orchestrating the Treasury breach. According to OFAC, Kecheng used a compromised Remote Support SaaS API key from BeyondTrust's systems to infiltrate SaaS instances. The attack is attributed to Silk Typhoon (formerly Hafnium), infamous for exploiting the 2021 ProxyLogon vulnerability in Microsoft Exchange Server.


Scope of the Treasury Hack

A recent Bloomberg report sheds light on the breach's magnitude, revealing that over 400 Treasury computers were compromised. Hackers stole 3,000+ files, including sensitive materials such as:

  • Policy and travel documents
  • Organizational charts
  • Data on sanctions and foreign investments
  • 'Law Enforcement Sensitive' files

Even high-level officials like Secretary Janet Yellen and Deputy Secretary Adewale Adeyemo were reportedly affected.


Sichuan Juxinhe Network Technology Co.: A Key Player in Cyber Attacks

OFAC's sanctions also target Sichuan Juxinhe Network Technology Co., a Sichuan-based cybersecurity firm implicated in cyber attacks on major U.S. telecom and internet service providers. The firm is allegedly linked to another Chinese cyber-espionage group, Salt Typhoon (aka Earth Estries, GhostEmperor, and UNC2286), active since 2019.


Collaboration with MSS

According to the Treasury, Sichuan Juxinhe maintains strong ties with MSS, emphasizing the Chinese government's reliance on private firms for cyber-espionage operations.


Rewards for Justice Program: $10 Million Bounty

The U.S. State Department’s Rewards for Justice program is offering up to $10 million for information leading to the identification or location of individuals working under foreign state-sponsored adversaries targeting U.S. infrastructure.


FCC and CISA Respond to Escalating Cyber Threats

The escalating threats have prompted the Federal Communications Commission (FCC) to implement stringent cybersecurity rules for telecom providers. FCC Chairwoman Jessica Rosenworcel described the hacks as one of the largest intelligence compromises in history, urging companies to submit annual certifications for robust cybersecurity risk management.


Meanwhile, Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), called China's cyber program the "most serious and significant cyber threat" to U.S. critical infrastructure.


The Bigger Picture: Treasury’s Counter-Cyber Moves

The latest sanctions add to the Treasury's efforts to combat malicious Chinese cyber activities. Previous sanctions have targeted other MSS-linked firms, including Integrity Technology Group (Flax Typhoon), Sichuan Silence Information Technology (Pacific Rim), and Wuhan Xiaoruizhi Science and Technology Company (APT31).


With these measures, the U.S. underscores its commitment to safeguarding national security against state-sponsored cyber threats.