U.S. Sanctions Three Chinese Nationals for Alleged Connection to 911 S5 Botnet

U.S. Sanctions Three Chinese Nationals for Alleged Connection to 911 S5 Botnet

The United States government has sanctioned three Chinese nationals for their alleged roles in running the 911 S5 proxy service, which consisted of compromised machines that the network’s operators rented out to cybercriminals as proxies through which they could connect to the Internet and hide their identities.

The Department of the Treasury’s Office of Foreign Asset Control on Tuesday announced sanctions against Yunhe Wang, Jingping Liu, and Yanni Zheng, and also against three companies allegedly controlled by Wang, Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited.

“These individuals leveraged their malicious botnet technology to compromise personal devices, enabling cybercriminals to fraudulently secure economic assistance intended for those in need and to terrorize our citizens with bomb threats,” said Under Secretary Brian E. Nelson. “Treasury, in close coordination with our law enforcement colleagues and international partners, will continue to take action to disrupt cybercriminals and other illicit actors who seek to steal from U.S. taxpayers.”

The 911 S5 network was essentially a botnet made up of compromised computers and the operators allowed customers to proxy their Internet connections through those machines. In some cases, the customers used the service to submit fraudulent claims through the various COVID-19 relief programs run by the federal government. The botnet also was connected to some bomb threats made in 2022 in various locations in the U.S. Researchers from the University of Sherbrooke in Canada detailed the operations of the 911 S5 network in 2022, along with the operations of other similar services.

As part of the sanctions, OFAC said that Wang was the main operator of the 911 S5 network, while Liu was allegedly in charge of the financial side of the business.

“The virtual currency that 911 S5 users paid to Yunhe Wang were converted into U.S. dollars using over-the-counter vendors who wired and deposited funds into bank accounts held by Jingping Liu. Jingping Liu assisted Yunhe Wang by laundering criminally derived proceeds through bank accounts held in her name that were then utilized to purchase luxury real estate properties for Yunhe Wang,” the OFAC statement says.

Zheng, meanwhile, allegedly assisted Wang in buying luxury properties. The OFAC sanctions mean that U.S. persons or companies can not do business with the sanctioned entities or people.

Go to Source