January 21, 2025

U.S. issues sanctions for attack on Treasury and communications providers

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on a Chinese cybersecurity company and a Shanghai-based individual for their involvement in a cyberattack on its own network and multiple U.S. telecommunications and broadband providers.

The sanctions target Yin Kecheng, a Shanghai-based cyber actor affiliated with China's Ministry of State Security (MSS). According to the Treasury’s statement, this individual was heavily involved in the recent compromise of the Treasury’s network, an attack attributed to a Chinese state-sponsored cyber actor known as Silk Typhoon.

It’s believed that during the attack, Silk Typhoon stole over 3,000 files from 400 computers belonging to the Treasury, including policy and travel documents, organizational charts, material on sanctions and foreign investment, and ‘Law Enforcement Sensitive’ data. It’s believed the group also accessed computers used by the Secretary, Deputy Secretary, and Acting Under Secretary of the Treasury and material related to investigations run by the Committee on Foreign Investment.

The sanctions also target China-based Sichuan Juxinhe Network Technology, a cybersecurity company. According to the Treasury, the company was directly involved in cyberattacks aimed at major U.S. telecommunications and internet service providers. These attacks were attributed to a Chinese state-sponsored cyber actor known as Salt Typhoon, which potentially gained access to the metadata associated with the communications of millions of Americans, as well as to conversations intercepted during warranted law enforcement operations.

Source: The Hacker News

Analysis

It has been a busy start to the year for the U.S. Treasury Department’s OFAC. On January 17, 2025, the OFAC imposed sanctions on two individuals and four entities linked to schemes that used North Korean IT workers to generate illicit revenue and obtain sensitive information for the North Korean government. Two weeks earlier, the OFAC also issued sanctions on a Beijing-based cybersecurity company, Integrity Technology Group, for its role in orchestrating several cyberattacks against U.S. victims.

Collectively, the sanctions serve to notify countries sponsoring malicious cyber activities against U.S.-based networks that the U.S. takes these threats seriously and won’t hesitate to punish those involved economically. It’s likely that the U.S. is also taking less public measures, such as diplomatic demarches, to convey to foreign governments, namely China and North Korea, that continued cyberattacks on U.S. infrastructure will have serious financial and diplomatic consequences.

Mitigation

Field Effect’s Security Intelligence team constantly monitors the cyber threat landscape for threats from advanced cyber actors engaging in malicious activities, including Chinese state-sponsored actors. This research contributes to the timely deployment of signatures into Field Effect MDR to detect and mitigate the risk these groups pose.

Field Effect MDR users are automatically notified when various types of malicious activities are detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.