US Sanctions Chinese Hackers for Treasury, Telecom Breaches
The US has sanctioned Chinese state cyber actors over the recent compromises of the Department of the Treasury and multiple telecoms providers.
Shanghai-based Yin Kecheng was involved in the hack of US Treasury computers via third-party cybersecurity vendor BeyondTrust in December 2024, according to the Department of the Treasury’s Office of Foreign Assets Control (OFAC).
The attackers were able to access unclassified documents held in certain Treasury Departmental Offices (DO) workstations. Bloomberg reported that US Treasury Secretary Janet Yellen’s computer was among the devices compromised.
OFAC has also sanctioned Sichuan-based cybersecurity company Sichuan Juxinhe Network Technology Co., Ltd for its direct involvement in the compromise of multiple US-based telecoms firms.
The November 2024 incident saw China-aligned threat group Salt Typhoon access call records, unencrypted messages and audio communications of targeted individuals, including US government officials.
Kecheng and Sichuan Juxinhe Network Technology have had their US assets blocked and are banned from engaging in any transactions with US citizens or anyone operating in the country.
Responding to Escalating Chinese Hacks on US Infrastructure
The recent Treasury and telecoms hacks highlight the “increasingly reckless” cyber activity by the People’s Republic of China (PRC) government and affiliated actors, OFAC said.
The latest sanctions follow several similar designations recently issued against individuals and companies connected with PRC-backed cyber-attacks on US targets.
In January 2025, sanctions were issued to Beijing-based Integrity Technology Group, which was accused of providing infrastructure for Flax Typhoon’s large-scale botnet campaign that targeted American organizations.
Sichuan Silence Information Technology Company and one of its employees were sanctioned in December 2024 for their involvement in the large-scale compromise of firewalls in April 2020.
In March 2024, the US government issued sanctions against Wuhan Xiaoruizhi Science and Technology Company and seven individuals. The firm and associated individuals were accused of participating in a hacking effort resulting in the compromise of American critical infrastructure organizations.
The efficacy of the sanctions could be limited, and they are unlikely to directly impact the activities of the designated individuals and entities because these are typically based beyond the reach of US law enforcement.
However, experts have highlighted the potential indirect impact that sanctions could have on cyber actors. This includes hindering their ability to move illicit funds in other countries and to travel physically.
Additionally, sanctions can have a psychological impact, with authorities sending the sanctioned actors a message that they know their identity and, given the opportunity, will try to arrest them.
The US Department of State’s Rewards for Justice program offers substantial financial rewards for information leading to the identification or location of any person who engages in malicious cyber activities against US critical infrastructure.
Commenting on the latest announcement, Deputy Secretary of the Treasury Adewale O. Adeyemo said: “The Treasury Department will continue to use its authorities to hold accountable malicious cyber actors who target the American people, our companies, and the United States government, including those who have targeted the Treasury Department specifically.”