U.S. Treasury Sanctions Chinese Entities Over Major Cybersecurity Breaches

On January 17, 2025, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced sanctions against Yin Kecheng, a cyber actor based in Shanghai, and Sichuan Juxinhe Network Technology Co., a cybersecurity company located in Sichuan province. Both are accused of engaging in cyber activities detrimental to U.S. national security.

Details of the Sanctions

Yin Kecheng is alleged to have been involved in a cyber intrusion that compromised the Treasury Department's network infrastructure. This breach allowed unauthorized access to sensitive, albeit unclassified, information, raising significant security concerns within the federal government.

Sichuan Juxinhe Network Technology Co. is accused of direct involvement with the Salt Typhoon cyber group, which has been implicated in compromising the network infrastructures of multiple major U.S. telecommunications and internet service provider companies. Salt Typhoon, believed to be affiliated with China's Ministry of State Security (MSS), has conducted extensive cyber espionage campaigns targeting the United States and other countries.

Implications of the Sanctions

The sanctions effectively prohibit U.S. individuals and entities from engaging in any business transactions with Yin Kecheng and Sichuan Juxinhe Network Technology Co. Additionally, any assets they hold within U.S. jurisdictions are subject to freezing. These measures aim to disrupt the financial networks supporting state-sponsored cyber threats and serve as a deterrent against future malicious cyber activities.

Context of the Cybersecurity Breaches

The Treasury Department's network breach, attributed to Yin Kecheng, involved unauthorized access to numerous workstations, including those of senior officials. This intrusion underscores the vulnerabilities within critical government infrastructure and the sophisticated tactics employed by state-affiliated cyber actors.

The activities of Salt Typhoon, associated with Sichuan Juxinhe Network Technology Co., represent one of the most significant cyber espionage campaigns in recent history. By infiltrating major U.S. telecommunications firms, the group accessed vast amounts of call-log data, unencrypted texts, and call audio from high-value targets. Notably, they also breached wiretap-surveillance systems at companies like Verizon and AT&T, potentially gaining insights into U.S. law enforcement and intelligence operations.

International Response and Future Outlook

The Chinese government has consistently denied involvement in such cyber activities, labeling U.S. accusations as unfounded. Despite these denials, the U.S. continues to bolster its cybersecurity defenses and collaborate with international allies to counteract state-sponsored cyber threats.

These sanctions reflect a broader strategy to hold individuals and entities accountable for cyberattacks that threaten national security. As cyber threats evolve, the U.S. government's response underscores the importance of robust cybersecurity measures and international cooperation in safeguarding critical infrastructure and sensitive information.