Treasury sanctions Salt Typhoon hacking group behind breaches of major US telecom firms

The U.S. government has announced sanctions against a Chinese organization with links to Salt Typhoon, the hacking group responsible for the largest telecoms hack in U.S. history. 

The Treasury Department’s Office of Foreign Assets Control (OFAC) announced on Friday that it had sanctioned a China-based cybersecurity company known as Sichuan Juxinhe Network Technology, which it says is directly linked to the China-backed Salt Typhoon hacking group.

Salt Typhoon was recently identified as carrying out the largest telecommunications hack in U.S. history, after infiltrating at least nine U.S. telecom and internet providers, including AT&T and Verizon, to gain access to the private communications of senior U.S. government officials and political figures. 

The hackers also hacked into the systems that law enforcement agencies use for court-authorized collection of customer data, potentially accessing sensitive data such as identities of Chinese targets of U.S. surveillance. 

In its press release on Friday, OFAC said that Sichuan Juxinhe had “direct involvement in the exploitation of these U.S. telecommunication and internet service provider companies.” 

Treasury hackers sanctioned

OFAC also announced sanctions against Yin Kecheng, a cyber actor in Shanghai, which U.S. officials claim was responsible for the recent widespread hack of the U.S. Treasury.

The hack, which took place in late December, saw hackers use a private key stolen from BeyondTrust — a cybersecurity company that provides identity access tech to large organizations and government departments — to gain remote access to certain Treasury employee workstations. 

The cyberattack allowed hackers — another China state-backed group known as Silk Typhoon — to target various departments within the U.S. Treasury, including its sanctions office.

According to OFAC, Yin Kecheng has been a cyber actor for over a decade and is affiliated with China’s Ministry of State Security, an intelligence and security agency responsible for the country’s foreign intelligence collection.

U.S. Treasury official Adewale O. Adeyemo said in a statement Friday: “The Treasury Department will continue to use its authorities to hold accountable malicious cyber actors who target the American people, our companies, and the United States government, including those who have targeted the Treasury Department specifically.”

Earlier this month, the U.S. government sanctioned another China-based cybersecurity company over its alleged links to a government-backed hacking group known as Flax Typhoon. The Treasury said the company, Integrity Technology Group, had been involved in “multiple computer intrusion incidents against U.S. victims,” including U.S. critical infrastructure.