
TLDR:

The U.S. Department of the Treasury has sanctioned a Chinese cybersecurity firm and a Shanghai-based cyber actor over two sets of Chinese state-linked intrusions: the recent breach of Treasury's own network, in which attackers reached sensitive but unclassified government data, and the Salt Typhoon campaign against U.S. telecommunications providers. The sanctions are part of ongoing efforts to counter Chinese cyber espionage and protect U.S. critical infrastructure.


U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Linked to Salt Typhoon

In a significant move, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned Sichuan Juxinhe Network Technology Co., Ltd., a Chinese cybersecurity company linked to the Salt Typhoon group, and Yin Kecheng, a Shanghai-based cyber actor associated with the recent compromise of the Treasury's own network. That intrusion reached Treasury systems and exposed sensitive government data.

OFAC describes Yin Kecheng as affiliated with China's Ministry of State Security (MSS) and active as a cyber actor for more than a decade. The Treasury intrusion, disclosed at the end of December 2024, ran through BeyondTrust's Remote Support SaaS: the attackers obtained an API key for the service and used it to bypass its access controls and reach Treasury Departmental Offices workstations. Hafnium, the cluster known for exploiting the ProxyLogon zero-day vulnerabilities in Microsoft Exchange Server in early 2021, is now tracked by Microsoft as Silk Typhoon, and the Treasury intrusion has been publicly attributed to that cluster. Silk Typhoon and Salt Typhoon are distinct groups, although both are assessed to operate on behalf of the MSS.

Details of the Hack and Impact on U.S. Systems

The intruders reportedly reached more than 400 Treasury computers and exfiltrated over 3,000 files, including policy documents, travel records, organizational charts, and material related to law enforcement investigations; Treasury has characterized the accessed documents as unclassified. The attackers also accessed workstations used by senior officials, including Secretary Janet Yellen and Deputy Secretary Adewale Adeyemo.

Separately, Salt Typhoon is the group behind the intrusions into major U.S. telecommunications and internet service providers. The FCC responded in January 2025 with a declaratory ruling that the Communications Assistance for Law Enforcement Act (CALEA) already obliges carriers to secure their networks against unlawful access, together with a proposal that carriers annually certify that they maintain cybersecurity risk management plans.

Sanctions and Ongoing Efforts to Counter Cyber Espionage

The sanctions on Sichuan Juxinhe Network Technology Co., Ltd. aim to disrupt a firm that OFAC says was directly involved in the Salt Typhoon exploitation of U.S. telecommunications and internet service providers. Reported victims of that campaign include AT&T, Verizon, T-Mobile, and Lumen Technologies.

This is part of a broader U.S. government effort to counter Chinese cyber espionage, which officials regard as a significant threat to the nation's critical infrastructure. CISA Director Jen Easterly has publicly described China's cyber program as the most serious and sophisticated threat to U.S. infrastructure, and the FCC's proposed certification requirement for telecom carriers is one regulatory response.

The Role of U.S. Cybersecurity Agencies and International Pressure

The U.S. government has steadily increased pressure on foreign state-sponsored cyber actors through sanctions. The State Department's Rewards for Justice program also offers up to $10 million for information on individuals acting at the direction of a foreign government who attack U.S. critical infrastructure. Together, these measures signal that attacks on U.S. critical infrastructure carry real consequences.

With Salt Typhoon still active and state-linked actors continuing to target sensitive U.S. entities, the sanctions underscore the need for proactive security measures across all industries. Organizations should assume these actors are persistent and verify that their own controls actually hold against the vectors seen in these cases.

What Businesses Should Do to Protect Themselves

The rise of state-sponsored cyber actors like Salt Typhoon, and the third-party credential abuse seen in the Treasury breach, highlight the need for robust security practices. Businesses should:

  • Patch promptly, prioritizing internet-facing systems such as mail servers and remote-access gateways.
  • Implement phishing-resistant multi-factor authentication (MFA), and note that long-lived API keys and service credentials bypass MFA entirely.
  • Inventory vendor and remote-support access (including API keys), restrict it to known source networks, rotate the credentials, and alert on use from unexpected sources or at unusual volume.
  • Adopt network segmentation so that one compromised tool or account cannot reach every workstation.
  • Educate employees about phishing and other common initial-access vectors.
  • Stay informed about new threats and regulatory changes, such as the FCC's carrier security requirements.
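The Treasury intrusion turned on a stolen API key for a remote-support service, a credential that no MFA prompt protects. The following is an added example, not code from the article or from any vendor, of the kind of check a practitioner would want for such keys: it baselines where and how each key is normally used, then flags use from a new source, a burst of session creation, and an action the key has never performed. The log format, key names, IP addresses and timestamps are all constructed for the example; the parser would need to be adapted to a real product's audit export.

```python
"""Flag anomalous use of long-lived API keys in remote-support audit logs.

Added example; the log format and the sample lines below are invented for
illustration and are not BeyondTrust's (or any vendor's) real audit format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample: a week of routine automation from an internal host,
# then, after the baseline cutoff, a burst of session creation and a
# password reset from an address outside the trusted network.
SAMPLE_LOG = """\
2024-12-02T09:00:01Z key=integ-01 src=10.20.5.7 action=session.create result=ok
2024-12-02T09:30:12Z key=integ-01 src=10.20.5.7 action=session.create result=ok
2024-12-03T09:01:44Z key=integ-01 src=10.20.5.7 action=session.create result=ok
2024-12-04T09:02:10Z key=integ-01 src=10.20.5.7 action=session.list result=ok
2024-12-08T02:13:05Z key=integ-01 src=203.0.113.45 action=session.create result=ok
2024-12-08T02:13:09Z key=integ-01 src=203.0.113.45 action=session.create result=ok
2024-12-08T02:13:14Z key=integ-01 src=203.0.113.45 action=session.create result=ok
2024-12-08T02:13:20Z key=integ-01 src=203.0.113.45 action=session.create result=ok
2024-12-08T02:13:27Z key=integ-01 src=203.0.113.45 action=session.create result=ok
2024-12-08T02:14:01Z key=integ-01 src=203.0.113.45 action=password.reset result=ok
"""

# Hypothetical allow-list: where our own integrations are supposed to run from.
TRUSTED_NETS = (ip_network("10.20.5.0/24"),)
# Everything before the cutoff is treated as the "normal" baseline.
CUTOFF = datetime(2024, 12, 7, tzinfo=timezone.utc)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) key=(?P<key>\S+) src=(?P<src>\S+) "
    r"action=(?P<action>\S+) result=(?P<result>\S+)$"
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one constructed audit line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    e["src"] = ip_address(e["src"])
    return e


def parse_log(text: str) -> list:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def build_baseline(events: list, cutoff: datetime) -> dict:
    """Per key: the source addresses and action types seen before the cutoff."""
    base = defaultdict(lambda: {"sources": set(), "actions": set()})
    for e in events:
        if e["ts"] < cutoff:
            base[e["key"]]["sources"].add(e["src"])
            base[e["key"]]["actions"].add(e["action"])
    return base


def detect(events: list, cutoff: datetime, trusted_nets=(),
           window: timedelta = timedelta(minutes=10), burst_threshold: int = 3) -> list:
    """Return (kind, key, detail, timestamp) findings for post-cutoff activity.

    kinds: new_source  - key used from an address not in its baseline or allow-list
           burst       - more than burst_threshold session.create calls within window
           new_action  - key performed an action type never seen in its baseline
    Each (kind, key, detail) pair is reported once, to keep the output reviewable.
    """
    base = build_baseline(events, cutoff)
    recent = sorted((e for e in events if e["ts"] >= cutoff), key=lambda e: e["ts"])
    creates = defaultdict(list)   # per key: timestamps of session.create in the window
    reported = set()
    findings = []

    def report(kind, key, detail, ts):
        if (kind, key, detail) not in reported:
            reported.add((kind, key, detail))
            findings.append((kind, key, detail, ts))

    for e in recent:
        b = base[e["key"]]          # an unseen key simply has an empty baseline
        trusted = any(e["src"] in n for n in trusted_nets)
        if e["src"] not in b["sources"] and not trusted:
            report("new_source", e["key"], str(e["src"]), e["ts"])
        if e["action"] not in b["actions"]:
            report("new_action", e["key"], e["action"], e["ts"])
        if e["action"] == "session.create":
            q = creates[e["key"]]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > window:   # slide the window forward
                q.pop(0)
            if len(q) > burst_threshold:
                report("burst", e["key"], f">{burst_threshold} session.create in {window}", e["ts"])
    return findings


if __name__ == "__main__":
    for kind, key, detail, ts in detect(parse_log(SAMPLE_LOG), CUTOFF, TRUSTED_NETS):
        print(f"{ts.isoformat()} {kind:<11} key={key} {detail}")
```

On the constructed sample this produces three findings for key integ-01: a new source (203.0.113.45), a burst of session creation, and a first-ever password.reset. The baseline is deliberately simple (sources and action types); in practice you would also baseline time of day and session volume per key, and treat any key not in your inventory as a finding in itself.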

As the threat landscape evolves, staying ahead of these cyber actors requires constant vigilance and a multi-faceted defense strategy.
