The U.S. government has sanctioned two entities connected to Chinese cyberattacks on U.S. systems. These sanctions target Yin Kecheng, a Shanghai-based hacker, and Sichuan Juxinhe Network Technology, a cybersecurity firm, accused of playing key roles in breaches of the U.S. Treasury Department and at least nine telecommunications companies.
On December 8, the Treasury learned about a breach after a third-party service provider, BeyondTrust, discovered hackers had stolen a critical key used to secure cloud-based services. This allowed the attackers to bypass security measures and access several employee workstations.
Hackers Target Treasury Department
The sanctioned hackers, including Yin Kecheng, are affiliated with China’s Ministry of State Security (MSS). Yin is accused of being involved in breaching the Treasury Department’s network, where sensitive files were accessed, including data related to sanctions. However, hackers couldn’t infiltrate the department’s email system or classified files. U.S. officials believe over 400 devices, including computers belonging to top Treasury officials, were compromised.
The U.S. State Department is offering up to $10 million for information leading to Kecheng’s identification. U.S. officials have stated that this breach highlights vulnerabilities, even after substantial security investments following the 2020 SolarWinds cyberattack.
The Salt Typhoon Campaign
Sichuan Juxinhe Network Technology has been directly involved with the Salt Typhoon cyber group, responsible for multiple attacks on U.S. telecommunications companies. The Salt Typhoon campaign has escalated over time, with recent attacks targeting sensitive infrastructure, including government phone systems and private company networks. This cyber espionage campaign has been one of the most significant Chinese cyber activities against U.S. targets, leading to more sanctions and heightened cybersecurity measures.
The Federal Communications Commission (FCC) has also acted by enforcing stricter cybersecurity rules for telecom companies, requiring them to submit annual certifications about their cybersecurity preparedness.
Global Action Against Cyber Threats
These sanctions are part of a broader strategy by the U.S. government to hold China accountable for malicious cyber activities. The U.S. is sharing information on how to recognize and prevent similar intrusions worldwide, ensuring global networks are better protected against future attacks.
The Treasury Department has emphasized the ongoing threat posed by Chinese-backed hackers and is working with international partners to combat these cyber threats. The U.S. government continues to use all available resources to protect critical infrastructure and national security.