
US Sanctions Chinese Nationals and Thai Entities for Cyber Fraud Botnet
US Sanctions Chinese Nationals and Thai Entities for Cyber Fraud Botnet
Key Highlights:
- Three Chinese nationals and three Thai entities sanctioned for cyber fraud.
- The 911 S5 botnet compromised 19 million IP addresses, aiding COVID aid fraud.
- US Treasury Department coordinated with FBI, DCIS, and international partners.
Washington [US], May 29 : The US Treasury Department has sanctioned three Chinese nationals and three Thailand-based entities for their association with a malicious botnet that facilitated cyber fraud, resulting in billions of dollars in losses to the US government. This botnet also contributed to bomb threats and fraudulent applications for COVID-19 aid.
The 911 S5 botnet compromised around 19 million IP addresses, enabling its users to submit tens of thousands of fraudulent applications related to the Coronavirus Aid, Relief, and Economic Security Act programs. This botnet allowed users to commit widespread cyber-enabled fraud by exploiting compromised victim computers linked to residential IP addresses. Additionally, these compromised IP addresses were associated with a series of bomb threats in the US in July 2022.
The Federal Bureau of Investigation (FBI), Defence Criminal Investigative Service (DCIS), and the US Department of Commerce’s Office of Export Enforcement, along with partners in Singapore and Thailand, collaborated to sanction the involved individuals and entities.
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated Yunhe Wang, Jingping Liu, and Yanni Zheng for their involvement with the botnet. OFAC also sanctioned three entities—Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited—owned or controlled by Yunhe Wang. Under Secretary Brian E. Nelson stated that these individuals used their botnet technology to enable cybercriminals to fraudulently obtain economic assistance and terrorize US citizens with bomb threats.
As a result of these sanctions, all property and interests in property of the designated individuals and entities within the US or under US control must be blocked and reported to OFAC. US regulations generally prohibit all dealings by US persons or within the US that involve any property or interests in property of a blocked or designated entity.
In a related action in March, the Treasury Department, in collaboration with the US Department of Justice, FBI, Department of State, and the UK Foreign, Commonwealth & Development Office (FCDO), targeted actors linked to the Chinese state-sponsored APT 31 hacking group. OFAC sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a front company for the Chinese Ministry of State Security (MSS), along with Zhao Guangzong and Ni Gaobin for their roles in malicious cyber operations targeting US critical infrastructure sectors.
(Inputs from
Latest Posts
- Kishtwar, Jammu Kashmir: Heavy Rain Triggers Landslides, Flash Floods; NH-244 Closed
July 6, 2026 | Breaking News, Jammu Kashmir, Kishtwar - Iran to Pursue Legal Action Against Israel, United States Over Assassination of Supreme Leader Ali Khamenei
July 6, 2026 | Breaking News, Politics, World - Pakistan Air Force Officer Shot Dead While Trying to Stop Alleged Abduction in Islamabad
July 6, 2026 | Breaking News, Pakistan News, World - ‘Begging’ for Deal, ‘One Shot’ Could End Remaining Leadership: President Trump’s Remarks on Iran
July 5, 2026 | Breaking News, Politics, World - ‘Kill Donald Trump’ Banners, ‘Revenge’ Chants Mark Supreme Leader Ayatollah Ali Khamenei Funeral in Tehran
July 5, 2026 | Breaking News, Politics, World - Army Plugs Escape Routes At Jammu & Kashmir Orchard Where Camera Detected 2 Lashkar Terrorists
July 5, 2026 | Breaking News, India, Jammu Kashmir - Two Alleged Lawrence Bishnoi Gang Members Killed in Police Encounter in Haryana
July 5, 2026 | Breaking News, India - New financial clues surface in Ram Mandir donation theft; police scrutinise 15L worth transactions
July 5, 2026 | Breaking News, India - Ministry of Home Affairs Declares 23 Individuals as Terrorists Under UAPA, Targets LeT and JeM Operatives
July 4, 2026 | Breaking News - Doctors/Staff Wear Black Badges at Kishtwar Hospital Amid Row With MLA Shagun Parihar; MS Says, “Ready for En Masse Transfers”
July 4, 2026 | Breaking News, Jammu Kashmir, Kishtwar