U.S. Issues Sanctions Linked to Telecom, Treasury Breaches
The U.S. announced sanctions against a company and individual tied to major espionage attacks on the Treasury Department and U.S. telecom entities.
The U.S. is sanctioning a Shanghai-based actor linked to the December compromise of the Treasury Department, as well as a Sichuan-based cybersecurity company involved with the Salt Typhoon group, which was behind the major U.S. telecom breaches in 2024.
Why It Matters: Over the last few months, the U.S. has grappled with what the Treasury Department describes as “increasingly reckless” espionage threats from Chinese actors. The pair of sanctions announced this week indicate the U.S. government’s attempts to hit back at the actors, but concerns remain about how the threat actors were able to carry out these high-profile attacks in the first place.
Key Details:
- The Treasury Department sanctioned Yin Kecheng, saying the individual has worked for over a decade as a cyber actor, is affiliated with the PRC’s Ministry of State Security, and was associated with the Treasury’s Departmental Offices network.
- Also sanctioned was Sichuan Juxinhe Network Technology Co., LTD, which the U.S. said had direct involvement with the Salt Typhoon U.S. telecom breach last year that allowed threat actors to spy on private communications of political figures and high-profile U.S. individuals.
- According to the Treasury Department, the Ministry of State Security “maintained strong ties” with this company and other network exploitation companies.
The Big Picture: The sanctions effectively block all transactions between U.S. people and these entities and individuals, and block all property of the designated people in the U.S. or in possession by U.S. people. They also follow sanctions from the Treasury Department earlier in January on a Beijing-based cybersecurity company that has been publicly attributed to the Chinese state-sponsored group Flax Typhoon.
Overall, the U.S. is trying to weed out more people linked to the networks of these Chinese espionage actors, and the State Department’s Rewards for Justice program on Friday said it is offering a reward of up to $10 million for information leading to the identification of people engaging in “certain malicious cyber activities against U.S. critical infrastructure.”
The Background: These sanctions may identify affiliated groups and individuals, but they don’t fully address many issues linked to the still-unfolding pair of Chinese threat actor attacks on major U.S. targets last year.
U.S. lawmakers are still demanding information after hackers targeted the Treasury Department in December, in order to access unclassified documents and Treasury workstations. According to a new Bloomberg report, the hackers in this attack accessed the computer of Janet Yellen, Secretary of the Treasury, in order to obtain fewer than 50 unclassified files on Yellen’s machine. Two deputies were also part of the espionage breach, according to the report.
The major Salt Typhoon breach of telecom networks, meanwhile, has also concerned the U.S. government to the point that the FBI and CISA have warned Americans that they should use encrypted messaging apps due to the level of access Chinese threat actors appear to have. On Thursday, the Federal Communications Commission (FCC) ordered U.S. telecom companies to secure their networks, and said it will require the firms to confirm through an annual certification that they have updated risk management policies.
“Today, in light of the vulnerabilities exposed by Salt Typhoon, we need to take action to secure our networks,” said FCC chairwoman Jessica Rosenworcel in a statement. “Our existing rules are not modern. It is time we update them to reflect current threats so that we have a fighting chance to ensure that state-sponsored cyberattacks do not succeed.”