The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued sanctions against two entities linked to major cyber activities targeting U.S. national security. The sanctions target Yin Kecheng, a Shanghai-based cyber actor involved in a recent compromise of Treasury Department networks, and Sichuan Juxinhe Network Technology Co., LTD., a cybersecurity company connected to the notorious Salt Typhoon hacker group. These sanctions are part of the U.S. government’s ongoing efforts to combat the growing threat posed by cyber actors associated with the People’s Republic of China (PRC).
Yin Kecheng is identified as a key figure behind the breach of the Department of the Treasury’s Departmental Offices network. This incident is part of a broader trend of PRC-based malicious cyber activity aimed at infiltrating U.S. government systems. According to OFAC, Yin has been active in cyber espionage for over a decade and is linked to China’s Ministry of State Security (MSS). The Treasury Department’s sanctions against Yin Kecheng are based on Executive Order (E.O.) 13694, which targets individuals and entities involved in cybercrimes that pose cyber risks to U.S. national security, foreign policy, or economic interests.
Adewale O. Adeyemo, the Deputy Secretary of the Treasury, emphasized the department’s commitment to holding cyber actors accountable. The Treasury Department will continue to use its authorities to hold accountable malicious cyber actors who target the American people, our companies, and the United States government, including those who have targeted the Treasury Department specifically,” said Adeyemo.
Salt Typhoon and the Increasing Threat of Cyber Intrusions
The sanctions also extend to Sichuan Juxinhe Network Technology Co., LTD., a Chinese cybersecurity firm directly involved in the cyber activities of the Salt Typhoon group. Active since at least 2019, Salt Typhoon has been responsible for significant breaches within U.S. telecommunication and internet service provider networks. Most recently, the group compromised the infrastructure of several major companies within these sectors, further escalating concerns over Chinese cyber operations against critical U.S. infrastructure.
Salt Typhoon’s operations are not isolated. They represent a growing number of cyber activities attributed to PRC-linked actors. These incidents necessitate costly remediation efforts for impacted organizations and threaten the stability of critical national infrastructure. Sichuan Juxinhe is known for its direct involvement in exploiting vulnerabilities in U.S. networks and has maintained strong ties with Chinese state-sponsored entities. According to OFAC, these actions are consistent with the broader strategy of Chinese state-backed cyber groups targeting critical U.S. infrastructure.
Treasury Department’s Ongoing Efforts to Counter Cyber Threats
The sanctions against Yin Kecheng and Sichuan Juxinhe are part of a series of measures aimed at curbing increasingly reckless cyber activities tied to China. On January 3, 2025, OFAC sanctioned Integrity Technology Group, Inc. for its role in Flax Typhoon’s malicious activities. Previous actions in 2024 also saw the designation of entities like Sichuan Silence Information Technology Company, Ltd., responsible for compromising U.S. firewalls, and Wuhan Xiaoruizhi Science and Technology Company, Ltd., linked to the Advanced Persistent Threat (APT) 31 group.
These sanctions are a crucial part of the U.S. government’s strategy to protect its cyber infrastructure and prevent further compromises by malicious actors. The Office of the Director of National Intelligence’s Annual Threat Assessment further highlighted that Chinese cyber actors, including those linked to the MSS, remain some of the most persistent threats to U.S. national security.
Conclusion
To strengthen its efforts against cyber threats, the U.S. Department of State is offering a reward of up to $10 million for information leading to the identification or location of individuals involved in malicious cyber activities targeting U.S. critical infrastructure, with the Rewards for Justice program encouraging people to come forward with such information.
In parallel, the U.S. Treasury’s sanctions against Yin Kecheng and Sichuan Juxinhe, and their ties to the Salt Typhoon hacker group, ensure that any property or interests tied to these entities in the U.S. are blocked, with strict penalties for violations of these sanctions.
The Treasury Department’s enforcement of these measures sends a strong message about the seriousness of cybersecurity and highlights the U.S. government’s commitment to combating foreign cyber threats, reinforcing the need for international cooperation in addressing these growing challenges to national security.
