The U.S. Treasury Department has sanctioned a Chinese cybersecurity firm and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon hacking group. The group is accused of compromising the Treasury’s IT systems and targeting sensitive U.S. critical infrastructure. Yin Kecheng, a cyber actor affiliated with China’s Ministry of State Security (MSS), was associated with the Treasury hack that came to light earlier this month.
The hackers infiltrated the Treasury’s Remote Support SaaS instances using a compromised API key. They broke into over 400 computers, stole more than 3,000 files, and accessed systems used by high-level officials.
us sanctions Chinese firm over hack
The sanctions also target Sichuan Juxinhe Network Technology Co., LTD., a Sichuan-based cybersecurity company allegedly involved in cyberattacks on major U.S. telecommunication and internet service provider companies. The MSS is said to have strong ties with multiple computer network exploitation companies, including Sichuan Juxinhe. Deputy Secretary Adewale Adeyemo stated, “The Treasury Department will continue to use its authorities to hold accountable malicious cyber actors who target the American people, our companies, and the United States government, including those who have targeted the Treasury Department specifically.”
The Federal Communications Commission (FCC) has introduced new rules requiring companies in the telecom sector to secure their networks from unlawful access or interception of communications.
FCC chairwoman Jessica Rosenworcel described the hacks as “one of the largest intelligence compromises ever seen.”
These designations are part of the Treasury’s ongoing efforts to combat malicious cyber activity by Chinese threat actors. The Department of State’s Rewards for Justice program is offering a reward of up to $10 million for information leading to the identification or location of individuals engaging in malicious cyber activities against U.S. critical infrastructure at the direction of a foreign state-sponsored adversary.
