US Sanctions Chinese Firm Over Treasury Breach

The action is part of a U.S. operation to counter ‘increasingly reckless cyber activity’ from Beijing, Treasury officials said.
A member of the hacking group Red Hacker Alliance who refused to give his real name, uses a website that monitors global cyberattacks on his computer at their office in Dongguan, Guangdong Province, China, on Aug. 4, 2020. Nicolas Asfouri/AFP via Getty Images
Eva Fu

The United States on Jan. 17 sanctioned a Chinese cyber actor and a cybersecurity firm, accusing both of aiding the recent hack into the Treasury Department and the intrusion into major U.S. telecom providers.

The Chinese cyber actor identified is Yin Kecheng, a decade-long hacker from Shanghai who officials said is affiliated with the top Chinese espionage agency, the Ministry of State Security.

The sanction also applies to Sichuan Juxinhe Network Technology, a cybersecurity company based in southwestern China, due to its direct ties with the Chinese state-sponsored hacking group Salt Typhoon. The group is responsible for a massive operation compromising at least nine U.S. telecom companies, allowing Beijing access to private conversations of senior American political figures, U.S. officials have said.

The action represents the latest in a series from the U.S. agency to combat what it describes as “increasingly reckless cyber activity” from Beijing targeting the United States and allies.

Following the announcement of the sanctions, the State Department put out a reward of up to $10 million for information that could help identify or locate anyone engaging in “certain malicious cyber activities against U.S. critical infrastructure” at the behest of a foreign state. The department said it’s also sharing information with countries worldwide on identifying a Chinese cyber breach in their systems and hardening their networks.

The Salt Typhoon group has been active since at least 2019 and has orchestrated “numerous” U.S. communication sector breaches, according to the Treasury Department’s Office of Foreign Assets Control. Its recent campaigns impacted telecom networks, such as AT&T and Verizon, and dozens of countries. The hackers broke into Treasury Department workstations and stole certain unclassified documents.

In their investigation, officials found that the group has targeted high-ranking government officials and people in senior political positions, prompting them to warn such individuals to switch to end-to-end encrypted communications.

“These intrusions into U.S. government systems and critical infrastructure are examples of the PRC’s willingness to operate in a malicious and reckless manner in cyberspace,” State Department spokesperson Matthew Miller said in a statement, referring to the People’s Republic of China using its acronym.

The action on Friday will direct authorities to block all U.S. property and interests of the two. Any entities of which they own 50 percent or more, directly or indirectly, individually or collectively, will be subjected to a ban. Neither Yin nor the Sichuan firm will be permitted to conduct transactions within the United States.

Deputy Treasury Secretary Adewale Adeyemo said the department will continue to “hold accountable malicious cyber actors who target the American people, our companies, and the United States government, including those who have targeted the Treasury Department specifically.”

The U.S. Department of the Treasury in Washington on Jan. 14, 2025. (Madalina Vasiliu/The Epoch Times)

The agency also cited a 2024 annual threat assessment from the Office of the Director of National Intelligence, which said China “remains the most active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks.”

The Treasury, in the past year, has taken action against several other Chinese cyber intruders.

The latest one in January targeted Beijing-based Integrity Technology Group, a Chinese state contractor that provided infrastructure for the hacking group Flax Typhoon between the summer of 2022 and the fall of 2023.

In December 2024, it sanctioned Sichuan Silence Information Technology Company and one of its employees for breaching tens of thousands of firewalls worldwide.

In March 2024, the Justice and Treasury authorities took joint measures against members of China’s state-backed APT31 group, saying they have engaged in a 14-year-long campaign that has victimized thousands, including senior White House officials, senators from at least 10 states, as well as the departments of Justice, Commerce, Treasury, and State.

On Jan. 14, the Department of Justice revealed it has worked with the FBI to delete China-linked malware from thousands of U.S. computers. The malware spread through USB ports and gave hackers access to IP addresses and other details about the infected computer. It can also upload, download, move, and delete files.

Eva Fu
Reporter
Eva Fu is a New York-based writer for The Epoch Times focusing on U.S. politics, U.S.-China relations, religious freedom, and human rights.