U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Linked to Silk Typhoon
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged ties to the Salt Typhoon group and the recent compromise of federal systems.
“People's Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, including the recent targeting of Treasury's information technology (IT) systems, as well as sensitive U.S. critical infrastructure,” the Treasury stated in a press release.
Key Targets of the Sanctions
The sanctions specifically target Yin Kecheng, a cyber actor with over a decade of alleged affiliation with China's Ministry of State Security (MSS). Kecheng is linked to the breach of the Treasury’s network, which came to light earlier this month. The breach reportedly involved a hack of BeyondTrust’s systems, where threat actors leveraged a compromised Remote Support SaaS API key to infiltrate several SaaS instances.
This activity has been attributed to Silk Typhoon (formerly Hafnium), a nation-state hacking group also associated with the exploitation of Microsoft Exchange Server vulnerabilities (ProxyLogon) in 2021. Bloomberg reports that the attackers infiltrated over 400 Treasury computers, exfiltrating thousands of files, including sensitive documents on sanctions, foreign investments, and internal organizational data. High-profile targets included systems used by Secretary Janet Yellen and other senior Treasury officials.
Involvement of Sichuan Juxinhe Network Technology Co., LTD.
The sanctions also apply to Sichuan Juxinhe Network Technology Co., LTD., a cybersecurity firm accused of facilitating cyberattacks on major U.S. telecommunications and internet service providers. The Treasury links these activities to Salt Typhoon, another Chinese threat actor active since at least 2019 and known for targeting critical infrastructure.
“The MSS has maintained strong ties with multiple computer network exploitation companies, including Sichuan Juxinhe,” the Treasury noted.
Broader Implications and Response
The Department of State’s Rewards for Justice program is offering up to $10 million for information leading to the identification or location of individuals orchestrating state-sponsored cyber activities against U.S. critical infrastructure.
Deputy Treasury Secretary Adewale Adeyemo emphasized the department’s commitment to holding malicious cyber actors accountable, stating, “The Treasury Department will continue to use its authorities to protect the American people, our companies, and the government.”
FCC and CISA Reinforce Cybersecurity Measures
The Federal Communications Commission (FCC) has introduced new rules to bolster telecommunications network security. Outgoing chairwoman Jessica Rosenworcel described the hacks as “one of the largest intelligence compromises ever seen,” highlighting the need for robust cybersecurity measures. These rules include an annual certification requirement for communications service providers to ensure the implementation of comprehensive risk management plans.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), echoed these concerns, describing China’s cyber program as “the most serious and significant cyber threat to our nation, particularly U.S. critical infrastructure.”