Botnet Ring Arrest, Sanctions

Treasury’s Office of Foreign Assets Control (OFAC) designated three individuals for their activities associated with the malicious botnet tied to the residential proxy service known as 911 S5.

The 911 S5 botnet was a malicious service that compromised victim computers and allowed cybercriminals to proxy their internet connections through these compromised computers.

Once a cybercriminal had disguised their digital tracks through the 911 S5 botnet, their cybercrimes appeared to trace back to the victim’s computer instead of their own.

The 911 S5 botnet compromised approximately 19 million IP addresses and facilitated the submission of tens of thousands of fraudulent applications related to the Coronavirus Aid, Relief, and Economic Security Act programs by its users, resulting in the loss of billions of dollars to the U.S. government.

The 911 S5 service enabled users to commit widespread cyber-enabled fraud using compromised victim computers that were associated with residential IP addresses. The IP addresses compromised by the 911 S5 service were also linked to a series of bomb threats made throughout the United States in July 2022.

Yunhe Wang, Jingping Liu, and Yanni Zheng were named in the action, along with three entities: Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited.

Yunhe Wang, the primary administrator of the 911 S5 service, was arrested May 24.

Jingping Liu was Yunhe Wang’s co-conspirator in the laundering of criminally derived proceeds generated from 911 S5, mainly virtual currency.  

Yanni Zheng acted as the power of attorney for Yunhe Wang and his company, Spicy Code Company Limited. In addition, Yanni Zheng participated in numerous business transactions, made multiple payments, and purchased real estate property on behalf of Yunhe Wang, including a luxury beachfront condominium in Thailand. 

The three individuals sanctioned are Chinese nationals, although Wang is reported to hold St. Kitts' citizenship by purchase. All three entities sanctioned are based in Thailand.

This operation was a coordinated multiagency effort led by law enforcement in the United States, Singapore, Thailand, and Germany. Agents and officers searched residences, seized assets valued at approximately $30 million, and identified additional forfeitable property valued at approximately $30 million. The operation also seized 23 domains and over 70 servers constituting the backbone of Wang’s prior residential proxy service and the recent incarnation of the service.

For more information or to determine if you are a victim of 911 S5 malware, please visit www.fbi.gov/911S5.

For information on complying with sanctions applicable to virtual currency, see OFAC’s Sanctions Compliance Guidance for the Virtual Currency Industry.
