
Treasury Sanctions Salt Typhoon Hackers - US Telecom Breaches

January 17, 2025

Sanctions Imposed on Chinese Firm Linked to Major U.S. Telecom Hack

The United States government has declared sanctions against a Chinese entity connected to the hacking group Salt Typhoon. This group is known for perpetrating the most extensive telecommunications breach recorded in U.S. history.

OFAC Sanctions Sichuan Juxinhe Network Technology

The Treasury Department’s Office of Foreign Assets Control (OFAC) revealed on Friday the sanctioning of Sichuan Juxinhe Network Technology, a cybersecurity company based in China. OFAC asserts a direct association between this company and the China-affiliated Salt Typhoon hacking group.

Details of the Salt Typhoon Hack

Salt Typhoon was recently identified as the perpetrator of the largest telecommunications hack in U.S. history. The group successfully infiltrated a minimum of nine U.S. telecommunications and internet service providers.

Among the compromised companies were industry giants like AT&T and Verizon. The intrusion allowed access to confidential communications belonging to high-ranking U.S. government officials and prominent political figures.

Compromised Law Enforcement Systems

The hacking extended to systems utilized by law enforcement for legally authorized data collection. This raises concerns about potential access to sensitive information, including the identities of individuals of Chinese origin who are subjects of U.S. surveillance.

Sichuan Juxinhe’s Role in the Exploitation

According to OFAC’s statement released on Friday, Sichuan Juxinhe demonstrated “direct involvement in the exploitation of these U.S. telecommunication and internet service provider companies.”

Salt Typhoon represents a significant cybersecurity threat, and these sanctions aim to disrupt its operations and hold those responsible accountable.

Cyberattackers Targeting U.S. Treasury Face Sanctions

The Office of Foreign Assets Control (OFAC) has announced sanctions against individuals involved in cyberattacks against the U.S. Treasury. Among those sanctioned is Yin Kecheng, a cyber operator located in Shanghai.

U.S. authorities attribute the recent, extensive breach of the U.S. Treasury to Yin Kecheng’s activities. This intrusion occurred in late December and exploited a compromised private key.

The stolen key originated from BeyondTrust, a cybersecurity firm specializing in identity access technology for both large enterprises and governmental bodies. The key allowed unauthorized remote access to Treasury employee workstations.

The cyberattack was carried out by a China-linked group identified as Silk Typhoon. They successfully targeted multiple departments within the U.S. Treasury, including the office responsible for sanctions enforcement.

OFAC reports that Yin Kecheng has engaged in cyber operations for more than ten years. He is reportedly connected to China’s Ministry of State Security, the nation’s primary foreign intelligence agency.

Adewale O. Adeyemo, a U.S. Treasury official, stated on Friday that the department will persistently employ its powers to hold accountable those who perpetrate malicious cyber activities. This includes attacks targeting American citizens, businesses, and government institutions, particularly those directed at the Treasury itself.

Earlier this month, the U.S. government imposed sanctions on another China-based cybersecurity company. This action stemmed from alleged connections to a state-sponsored hacking group known as Flax Typhoon.

The company, Integrity Technology Group, was identified by the Treasury as having participated in “numerous computer intrusion incidents” impacting U.S. entities. These incidents specifically targeted critical infrastructure within the United States.

Details of the Cyberattack

  • The breach occurred in late December.
  • A private key was stolen from BeyondTrust.
  • The Silk Typhoon group was responsible for exploiting the access.
  • The attack targeted the Treasury’s sanctions office.

The U.S. government views these cyberattacks as a significant threat to national security and economic stability. Continued vigilance and proactive measures are being emphasized.
