The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on two Chinese cyber actors involved in high-profile cyberattacks targeting US government systems and critical infrastructure. The sanctions target Yin Kecheng, a Shanghai-based cyber actor allegedly involved in the recent compromise of the Department of the Treasury’s network, and Sichuan Juxinhe Network Technology Co., Ltd., a Sichuan-based cybersecurity company involved in the Salt Typhoon cyber group’s activities.
According to the US authorities, Yin Kecheng is affiliated with the PRC's Ministry of State Security (MSS) and is directly linked to the breach of the Treasury’s Departmental Offices network.
The Salt Typhoon group, active since at least 2019, has been responsible for a series of cyberattacks against US telecommunication and internet service provider companies. The group's activities are believed to be part of a broader effort to target critical US infrastructure.
Sichuan Juxinhe, the company involved in the Salt Typhoon group’s attacks, is a key player in the exploitation of US telecommunication networks, the OFAC said. The MSS has longstanding ties with several Chinese companies engaged in computer network exploitation, including Sichuan Juxinhe, further strengthening the connection between Chinese state-sponsored cyber activities and private sector entities in China.
In addition, the US Department of State has announced a reward of up to $10 million for information leading to the identification or location of individuals involved in malicious cyber activities against US critical infrastructure.
The new sanctions follow a series of other recent Treasury actions in response to cyber activities originating from China. In January 2025, the Treasury sanctioned Integrity Technology Group for its involvement in Flax Typhoon cyber activities. Other sanctions, including those against Sichuan Silence Information Technology Company, were implemented throughout 2024 in response to various Chinese cyber operations targeting the US.
Last week, the OFAC sanctioned a network linked to North Korea's Ministry of National Defense for generating revenue through illegal remote IT work schemes. The sanctions target North Korean front companies Korea Osong Shipping Co. and Chonsurim Trading Corporation, along with their leaders, Jong In Chol and Son Kyong Sik. Additionally, the Treasury sanctioned Liaoning China Trade, a Chinese company that supplied electronics to a North Korean weapons-trading entity, Department 53, which also generates revenue through IT and software development fronts.