Cybercrime , Endpoint Security , Fraud Management & Cybercrime

US Sanctions Chinese National for Running 911 S5 Botnet

Treasury Department Says Botnet Users Committed Fraud, Made Bomb Threats
US Sanctions Chinese National for Running 911 S5 Botnet
The U.S. Department of Treasury sanctioned three Chinese nationals for their roles in exploiting the 911 S5 botnet and its criminal proceeds. (Image: Shutterstock)

The U.S. Department of the Treasury sanctioned a Chinese national for his role in directing the 911 S5 botnet, which uses hacked residential computers as proxies and is often used to commit fraud.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

The department's Office of Foreign Assets Control said an investigation into network infrastructure and virtual private networks used by botnet operators revealed Yunhe Wang as the primary administrator.

The office also sanctioned Jinping Liu, who it accused of laundering criminally derived proceeds. Also under sanctions is Yanni Zheng, a business agent for Wang. Treasury also listed three companies based in Thailand under Wang's control - Spicy Code Co. Ltd., Tulip Biz Pattaya Group Co. Ltd. and Lily Suites Co. Ltd.

Criminals have used the botnet - consisting of 19 million IP addresses - to submit "tens of thousands of fraudulent applications" for coronavirus and economic stimulus funds, Treasury said. Users of 911 S5 also used the botnet to anonymously spread bomb threats in July 2022 - a period during which college campuses experienced a surge in such threats.

Hackers prize residential proxies since they provide a trusted node for entering the wider internet. Computer owners whose devices are compromised typically have no knowledge that their residential IP address is being used for fraud or to make threats. The botnet 911 S5 "essentially enables cybercriminals to conceal their originating location, effectively defeating fraud detection systems," Treasury said.

Liu allegedly converted cryptocurrency payments from botnet users into U.S. dollars through over-the-counter vendors that wired and deposited the funding into bank accounts held by him. Zheng allegedly served as power of attorney for Wang and Spicy Code Co. Ltd., participating in numerous transactions and payments and purchasing real estate, including a luxury beachfront condominium in Thailand, on behalf of Wang.

The sanctions come after Treasury recently announced the first-ever U.S. sanctions against a commercial spyware entity used to target government officials, journalists and policy experts (see: US Announces First-Ever Sanctions Against Commercial Spyware).


About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.