Treasury Sanctions Company, Hacker Associated with Salt Typhoon

OFAC is designating Yin Kecheng pursuant to Executive Order (E.O.) 13694, as further amended by the new E.O. on Strengthening and Promoting Innovation in the Nation’s Cybersecurity, for being responsible for or complicit in, or having engaged in, directly or indirectly, activities related to gaining or attempting to gain unauthorized access to a computer or network of computers of a United States person, the United States, a United States ally or partner or a citizen, national, or entity organized under the laws thereof, where such efforts originate from or are directed by persons located, in whole or substantial part, outside the United States and are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.

Chinese Malicious Cyber Group Salt Typhoon
Salt Typhoon has been active since at least 2019 and has been responsible for numerous compromises of U.S. companies in the communication sector. Recently, Salt Typhoon compromised the network infrastructure of multiple major U.S. telecommunication and internet service provider companies, marking a dramatic escalation in Chinese cyber operations against U.S. critical infrastructure targets. The Salt Typhoon intrusions are one example of an increasing number of PRC state-backed malicious cyber activities, which necessitate costly remediation efforts.

Sichuan Juxinhe Network Technology Co., LTD. (Sichuan Juxinhe) had direct involvement in the exploitation of these U.S. telecommunication and internet service provider companies. The MSS has maintained strong ties with multiple computer network exploitation companies, including Sichuan Juxinhe. 

OFAC is designating Sichuan Juxinhe pursuant to E.O. 13694, as further amended by the new E.O. on Strengthening and Promoting Innovation in the Nation’s Cybersecurity, for being responsible for or complicit in, or having engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a threat to the national security, foreign policy, or economic health or financial stability of the United States and that have the purpose or effect of harming, or otherwise compromising the provision of services by, a computer or network of computers that support one or more entities in a critical infrastructure sector.

Sanctions Implications
As a result of the action, all property and interests in property of the designated persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC or exempt, U.S. sanctions generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons.