U.S. sanctions Chinese nationals behind massive 911 S5 botnet

The Treasury under Secretary Janet Yellen on Tuesday sanctioned three people and three companies tied to the infamous 911 S5 botnet. Photo by Annabelle Gordon/UPI

May 28 (UPI) -- The Biden administration on Tuesday sanctioned three Chinese nationals behind the massive 911 S5 botnet that officials said was used to grift billions of COVID-19 assistance funds from the U.S. government.

The 911 S5 was a malicious service that compromised victims' computers, allowing cybercriminals to conceal the location of their own computers. According to the U.S. Treasury, cybercriminals would pay to choose which IP addresses of compromised computers to use to spoof the origins of their cyberattacks.

Some 19 million IP addresses were compromised by 911 S5 and were used to file tens of millions of Coronavirus Aid, Relief and Economic Security Act applications, seeing billions stolen from the U.S. government, the Treasury said.

Compromised addresses were also linked to several bomb threats made in the U.S. in July 2022.

On Tuesday, the Treasury sanctioned Yunhe Wang, 35, on accusations of being 911 S5's primary administrator as well as three Thailand-based companies he owns.

Jingping Liu, 58, was also hit for laundering proceeds from the botnet, as was Yanni Zheng, 50, Wang's attorney who is also accused of participating in numerous business transactions on his behalf in Thailand.

"These individuals leveraged their malicious botnet technology to compromise personal devices, enabling cybercriminals to fraudulently secure economic assistance intended for those in need and to terrorize our citizens with bomb threats," Under Secretary of the Treasury Brian Nelson said in a statement.

The sanctions freeze all U.S. assets held in their name and bar U.S. persons from doing business with them.

The announcement comes after the FBI in January disrupted a China-backed malware infestation of hundreds of routers the U.S. said was being used to spy on U.S. critical infrastructure.
