US sanctions three Chinese nationals for alleged connection to 911 S5 botnet

The U.S. government sanctioned three Chinese nationals for their alleged role in running the 911 S5 proxy service, which consisted of compromised machines that network operators rented to cybercriminals as proxies through which they could connect to the Internet and hide their identities .

The Treasury Department's Office of Foreign Assets Control on Tuesday announced sanctions against Yunhe Wang, Jingping Liu and Yanni Zheng, as well as three companies allegedly controlled by Wang, Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited and Lily Suites . Limited liability company.

“These individuals leveraged their malicious botnet technology to compromise personal devices, allowing cybercriminals to fraudulently obtain economic assistance intended for those in need and terrorize our citizens with bomb threats,” said the Undersecretary Brian E. Nelson. “Treasury, in close coordination with our law enforcement colleagues and international partners, will continue to take action to disrupt cybercriminals and other illicit actors who seek to steal from American taxpayers.”

The 911 S5 network was essentially a botnet made up of compromised computers and the operators allowed customers to proxy their Internet connections through these machines. In some cases, customers have used the service to submit fraudulent claims under the various COVID-19 relief programs run by the federal government. The botnet was also linked to some bomb threats made in 2022 in various locations in the United States. Researchers from the University of Sherbrooke in Canada have detailed the operations of the 911 S5 network in 2022, as well as those of other similar services.

As part of the sanctions, OFAC said Wang was the main operator of the 911 S5 network, while Liu would be in charge of the financial side of the business.

“The virtual currency that 911 S5 users paid to Yunhe Wang was converted into US dollars through over-the-counter sellers who wired and deposited funds into bank accounts held by Jingping Liu. Jingping Liu assisted Yunhe Wang by laundering the proceeds of crime through bank accounts held in his name which were then used to purchase luxury real estate properties for Yunhe Wang,” the OFAC statement said.

Zheng, meanwhile, allegedly helped Wang buy luxury properties. OFAC sanctions mean that U.S. individuals or companies cannot do business with the sanctioned entities or individuals.