The US Treasury Department has sanctioned three Chinese nationals and three of their companies for running a major proxy botnet operation that infected consumer devices with malware and facilitated cybercrime on a global scale.
According to the Office of Foreign Assets Control (OFAC), the three people are Yunhe Wang, Jingping Liu and Yanni Zheng, while the companies are called Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited and Lily Suites Company Limited, all owned by Yunhe Wang and registered in Thailand.
The three set up and operated 911 S5, a massive botnet that powers a residential proxy service of the same name.
Painful sanctions
A residential proxy botnet is a network of compromised devices, typically PCs, smartphones, and the like, located in residential areas. The devices are typically hijacked by malware and then used to give other cybercriminals a way to route their Internet traffic and remain anonymous while conducting illegal online activities.
“These individuals leveraged their malicious botnet technology to compromise personal devices, allowing cybercriminals to fraudulently obtain financial assistance to those in need and terrorize our citizens with bomb threats,” said Under Secretary Brian E. Nelson. “Treasury, in close coordination with our law enforcement colleagues and international partners, will continue to take action to disrupt cybercriminals and other illicit actors seeking to steal from American taxpayers.”
These sanctions mean that American companies, banks and other entities cannot do business with these people or companies. Additionally, American companies are not allowed to do business with other companies that provide services to these people, so the result can be quite painful for those on the receiving end.
Apparently, all three offered people a free VPN service, which came with malware that added their devices to the botnet. Cybercriminals subsequently used the botnet for various purposes, including bomb threats that were made across the United States two years ago, BleepingComputer reported.