The U.S. Treasury Department has announced that it has identified three Chinese nationals and three Thailand-based companies that have played key roles in a cybercrime network. This network is being held responsible for a string of bomb threats and thefts of billions of dollars in COVID-19 pandemic aid from the U.S. government. On May 28, the Treasury Department announced that there was a link between this network and a malicious botnet titled “911 S5” that had compromised about 19 million unique IP addresses including 613,841 located in the United States. This allowed cybercriminals to conceal their digital tracks, aiding them in committing cyber-enabled fraud.
Brian Nelson, the Treasury’s Under Secretary for Terrorism and Financial Intelligence, has stated that the individuals in question used their malicious botnet technology to compromise personal devices. This enabled cybercriminals to fraudulently secure economic assistance that was intended for those in need and worse yet, they were able to terrorize American citizens with bomb threats. Despite these threats, the Treasury Department, in collaboration with the international community and law enforcement, will continue to take action to disrupt cybercriminals and other illegal actors who try to steal from American citizens.
According to the Treasury Department, cybercriminals submitted tens of thousands of fraudulent applications related to the Coronavirus Aid, Relief, and Economic Security Act programs by using the compromised IP addresses. This resulted in the loss of billions of dollars for the U.S. government. Moreover, these IP addresses were also linked to a series of bomb threats across the United States that date back to July of 2022.
Wang Yunhe, a 35-year-old Chinese national, has been identified as the primary administrator of the botnet service. A review of records from network infrastructure service providers that were known to be utilized by 911 S5 and two Virtual Private Networks (VPNs) called MaskVPN and DewVPN showed that Yunhe Wang was the registered subscriber to those providers’ services. The department mentioned that Liu Jinping, 58, was Mr. Wang’s co-conspirator in the laundering of criminally acquired proceeds, mainly in the form of “virtual currency,” generated from the botnet. They further stated that the virtual currency that 911 S5 users paid to Yunhe Wang was converted into U.S. dollars using over-the-counter vendors who wired and deposited funds into bank accounts held by Jingping Liu. Ms. Liu then used the money in the bank accounts to buy luxury real estate properties for Mr. Wang.
Zheng Yanni, a 50-year-old Chinese national, was identified as having acted as an attorney for Mr. Wang and his company, Spicy Code Company Limited. She also helped to purchase real estate on behalf of Mr. Wang, including a luxury beachfront condominium in Thailand.
Finally, Spicy Code Company, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited are the names of the three Thailand-based companies that were sanctioned by the Treasury Department. As a result of the sanctions, any assets held in the United States in their name are now frozen, and U.S. citizens are prohibited from doing business with them.
In conclusion, the United States will continue to act against cybercriminals who seek to exploit their financial system and defraud American taxpayers. This case serves as a reminder that the U.S. government will take necessary measures to protect its citizens and their hard-earned money
