US Treasury Sanctions Chinese Nationals in VPN Botnet

US Treasury Department Sanctions Three Chinese Nationals for Operating VPN-Powered Botnet

The US Treasury Department recently announced that it has imposed sanctions on three Chinese individuals for their involvement in a nefarious VPN-powered botnet. This botnet utilized over 19 million residential IP addresses, which were leased out to cybercriminals for the purpose of concealing their illicit activities. Some of the criminal acts enabled by this network included COVID-19 aid scams and bomb threats.

Residential Proxy Service 911 S5 Unveiled

According to the Treasury Department, the fraudulent operation was conducted under the guise of a residential proxy service named 911 S5. Such services function by providing customers with a pool of IP addresses assigned to regular households. By routing Internet traffic through these addresses, users could mask their true locations, making it appear as if their connections originated from the legitimate homeowners.

Earlier investigations into a similar service named 911.re by researchers at the University of Sherbrooke shed light on the infrastructure of this type of operation. The network was discovered to consist of 120,000 residential IP addresses, which were seemingly acquired through the use of free VPNs like MaskVPN and DewVPN. These VPN applications, aside from providing standard secure connections, exhibited botnet-like behavior by transforming users’ devices into proxy servers to expand their network in a covert manner.

The complex architecture of the botnet was meticulously crafted to thwart reverse engineering attempts, showcasing the extent of the sophistication involved in maintaining such clandestine operations.

Sanctioned Individuals and Businesses

The recent sanctions targeted the registrants behind these illicit services, among them Yunhe Wang from Beijing, who was identified as the mastermind responsible for several crucial elements of the 911 S5 operation. Additionally, Jingping Liu was named as a co-conspirator aiding Wang in money laundering activities associated with the enterprise. Yanni Zheng, acting on behalf of Wang, was implicated in various business dealings and purchases, including the acquisition of a luxurious beachfront condominium in Thailand.

Under Secretary Brian E. Nelson emphasized the malevolent impact of these individuals’ actions, highlighting how the botnet technology facilitated widespread fraud and instilled fear through bomb threats, ultimately jeopardizing the welfare of US citizens.

Furthermore, the sanctions extended to three Thailand-based businesses, including Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited, all of which were involved in real estate transactions linked to Wang’s operations.

Operational Impact and Recommendations

The Treasury Department revealed that the 911 S5 botnet was employed in thousands of fraudulent applications connected to COVID-19 relief scams, leading to substantial financial losses for the US government. Moreover, the botnet’s IP addresses were tied to a series of bomb threats across the US in July 2022.

Researchers from Google-owned security firm Mandiant recently highlighted the challenges posed by similar operational relay box networks utilized by threat actors associated with China. They underscored the necessity for adopting novel defense strategies to counter these evolving cyber threats effectively.

As the cybersecurity landscape continues to evolve, it is imperative for organizations and authorities to remain vigilant and proactive in combating the ever-growing sophistication of cybercriminal activities such as those orchestrated by the 911 S5 botnet.

About Post Author

Chris Jones

Hey there! 👋 I'm Chris, 34 yo from Toronto (CA), I'm a journalist with a PhD in journalism and mass communication. For 5 years, I worked for some local publications as an envoy and reporter. Today, I work as 'content publisher' for InformOverload. 📰🌐 Passionate about global news, I cover a wide range of topics including technology, business, healthcare, sports, finance, and more. If you want to know more or interact with me, visit my social channels, or send me a message.