U.S. Treasury Imposes Sanctions on Chinese Cybersecurity Firm and Individual Linked to Federal Agency Breach Associated with Salt Typhoon

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on the Chinese cybersecurity company Sichuan Juxinhe Network Technology Co., LTD., along with Shanghai-based cyber actor Yin Kecheng, in response to their association with the activities of the notorious Salt Typhoon Advanced Persistent Threat (APT) group. This group has recently targeted multiple U.S. telecommunications and internet service providers, highlighting an ongoing threat to critical information technology systems within the United States.

The sanctions against Sichuan Juxinhe Network Technology are linked to Salt Typhoon’s breach of federal agency networks, most notably affecting the Department of the Treasury’s IT systems. This breach underscores the persistent attempts by China-affiliated hackers to infiltrate U.S. governmental infrastructures. Yin Kecheng has been specifically identified as involved in the breach of the Treasury’s network.

The Treasury’s OFAC described the situation as particularly alarming, noting, “PRC-linked malicious cyber actors continue to target U.S. government systems, including recent intrusions into Treasury’s IT infrastructure,” as stated in their official announcement. This reflects findings from the Office of the Director of National Intelligence’s Annual Threat Assessment, which categorizes Chinese state-sponsored actors among the most significant and enduring threats to U.S. national security.

The Treasury Department first learned of the breach on December 8, through a notification from its vendor, BeyondTrust, a company specializing in Privileged Access Management and secure remote access for multiple sectors, including government and finance. The incident has raised concerns about the integrity of unclassified documents and about unauthorized access to government employee workstations.

Adding to the urgency of the situation, BeyondTrust recently reported a cyberattack that compromised some of its Remote Support SaaS instances. The Treasury Department, in collaboration with the FBI and the broader intelligence community, is currently investigating the ramifications of this security incident.

These designations follow the U.S. Treasury’s earlier sanctions against Integrity Tech, another Chinese cybersecurity firm involved in attacks associated with the Flax Typhoon group. Such measures block the assets of designated parties, prohibit transactions involving their property, and impose penalties for violations, which may extend to foreign entities as well.

As businesses increasingly face the threat of state-sponsored cyber activities, the Treasury Department has reinforced its commitment to identifying those who undermine the security of U.S. critical infrastructure. Following the Computer Fraud and Abuse Act, the U.S. State Department has established a reward of up to $10 million for information leading to the identification of state-sponsored cyber actors engaging in attacks against U.S. infrastructure.

In considering the potential tactics employed during these breaches, adversary techniques could include initial access through exploiting vulnerabilities, privilege escalation, and maintaining persistence within compromised networks. The MITRE ATT&CK framework serves as a valuable resource for understanding these methodologies as cyber actors seek to exploit security weaknesses in complex IT environments.

The ongoing investigations and sanctions reflect a comprehensive approach to addressing the rising tide of cyber threats that businesses and governments alike face, underscoring the critical need for vigilance and proactive security measures in protecting sensitive information against sophisticated cyber threats.