The US government has announced sanctions against a Chinese organization linked to Salt Typhoon, the hacker group responsible for the largest telecom hack in US history.
The Treasury Department’s Office of Foreign Assets Control (OFAC) announced Friday that it had sanctioned a China-based cybersecurity company known as Sichuan Juxinhe Network Technology that it says is directly linked to the hacking group. Salt Typhoon supported by China.
Salt Typhoon was recently identified as having carried out the largest telecommunications attack in US history, having breached at least nine US telecommunications and internet providers, including AT&T and Verizon, to gain access to the private communications of officials senior US government and political figures.
Hackers have also hacked systems that law enforcement agencies use for court-authorized collection of customer data, potentially accessing sensitive data such as the identities of Chinese targets of US surveillance.
In its press release Friday, OFAC said Sichuan Juxinhe had “direct involvement in the exploitation of these US telecommunications companies and Internet service providers.”
Sanctioned Treasury Hackers
OFAC also announced sanctions against Yin Kecheng, a Shanghai-based cyber actor who US officials allege was responsible for the recent widespread hacking of the US Treasury.
The hack, which happened in late December, saw hackers use a private key stolen from BeyondTrust – a cyber security company that provides identity access technology to large organizations and government departments – to gain remote access to several workstations of Treasury employees.
The cyber attack allowed the hackers – another Chinese state-backed group known as Silk Typhoon – to target various departments within the US Treasury, including its sanctions office.
According to OFAC, Yin Kecheng has been a cyber actor for more than a decade and is linked to China’s Ministry of State Security, an intelligence and security agency responsible for the country’s foreign intelligence gathering.
US Treasury official Adewale O. Adeyemo said in a statement on Friday: “The Treasury Department will continue to use its authorities to hold accountable cyber malicious actors who target the American people, our companies and the United States government , including those who specifically targeted the Treasury Department.”
Earlier this month, the US government sanctioned another China-based cybersecurity company for its alleged ties to a government-backed hacking group known as Flax Typhoon. Treasury said the company, Integrity Technology Group, was involved in “multiple computer intrusion incidents against US victims,” including critical US infrastructure.
