US govt sanctions cybercrime gang behind massive 911 S5 botnet

Researchers at the Canadian University of Sherbrooke revealed almost two years ago, in June 2022, that this illegitimate residential proxy service lured potential victims by offering free VPN services to install malware designed to add their IP addresses to the 911 S5 botnet.
At the time, the botnet controlled approximately 120,000 residential proxy nodes from all over the world, all of which communicated with multiple command-and-control servers located offshore or hosted within a cloud server.
OFAC added that the residential proxy botnet compromised approximately 19 million IP addresses.
These infected devices allowed cybercriminals to submit tens of thousands of fraudulent applications for programs related to the Coronavirus Aid, Relief, and Economic Security Act, resulting in billions of dollars in losses.
911 S5 users also used it to commit widespread cyber-enabled fraud using residential IP addresses linked to compromised computers.
These IP addresses were also used in a series of bomb threats made across the United States in July 2022.
OFAC today sanctioned Yunhe Wang, Jingping Liu, and Yanni Zheng, as well as three entities, all owned or controlled by Yunhe Wang.
As a result of today's sanctions, all transactions involving U.S. interests and properties of designated individuals and entities are prohibited, and dealings with sanctioned individuals and companies also expose them to sanctions or enforcement actions.
Cybersecurity firm Mandiant also warned last week that Chinese state hackers are increasingly relying on vast proxy server networks built from compromised online devices and virtual private servers to evade detection during their cyberespionage campaigns.
State hackers turn to massive ORB proxy networks to evade detection.
US woman allegedly aided North Korean IT workers infiltrate 300 firms.
US govt sanctions Iranians linked to government cyberattacks.
Moldovan charged for operating botnet used to push ransomware.
CISA orders agencies impacted by Microsoft hack to mitigate risks.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 28 May 2024 19:05:14 +0000


Cyber News related to US govt sanctions cybercrime gang behind massive 911 S5 botnet

Treasury Sanctions Creators of 911 S5 Proxy Botnet - The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through ...
6 months ago Krebsonsecurity.com
Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
6 months ago Packetstormsecurity.com
"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested - A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation. 35-year-old YunHe Wang, a dual citizen of China and St. Kitts and Nevis, is ...
6 months ago Tripwire.com
US dismantles 911 S5 botnet used for cyberattacks, arrests admin - The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator. As early as 2011, Wang and his conspirators pushed malware onto victims' devices using ...
6 months ago Bleepingcomputer.com
US govt sanctions cybercrime gang behind massive 911 S5 botnet - Researchers at the Canadian University of Sherbrooke revealed almost two years ago, in June 2022, that this illegitimate residential proxy service lured potential victims by offering free VPN services to install malware designed to add their IP ...
6 months ago Bleepingcomputer.com
US govt sanctions cybercrime gang behind massive 911 S5 botnet - Researchers at the Canadian University of Sherbrooke revealed almost two years ago, in June 2022, that this illegitimate residential proxy service lured potential victims by offering free VPN services to install malware designed to add their IP ...
6 months ago Bleepingcomputer.com
US govt sanctions cybercrime gang behind massive 911 S5 botnet - Researchers at the Canadian University of Sherbrooke revealed almost two years ago, in June 2022, that this illegitimate residential proxy service lured potential victims by offering free VPN services to install malware designed to add their IP ...
6 months ago Bleepingcomputer.com
US Sanctions Three Chinese Men for Operating 911 S5 Botnet - The US Treasury Department on Tuesday announced sanctions against three Chinese nationals accused of creating and operating a botnet named 911 S5. The Treasury's Office of Foreign Assets Control has designated Yunhe Wang, Jingping Liu, and Yanni ...
6 months ago Securityweek.com
US Sanctions Three Chinese Men for Operating 911 S5 Botnet - The US Treasury Department on Tuesday announced sanctions against three Chinese nationals accused of creating and operating a botnet named 911 S5. The Treasury's Office of Foreign Assets Control has designated Yunhe Wang, Jingping Liu, and Yanni ...
6 months ago Packetstormsecurity.com
US sanctions Russian for cleaning Ryuk's and oligarchs' cash The Register - A Russian woman the US accuses of being a career money launderer is the latest to be sanctioned by the country for her alleged role in moving hundreds of millions of dollars on behalf of oligarchs and ransomware criminals. Among these was her alleged ...
1 year ago Theregister.com
Is Your Computer Part of 'The Largest Botnet Ever?' - The Cloud Router homepage, which was seized by the FBI this past weekend. Cloud Router was previously called 911 S5. On May 24, authorities in Singapore arrested the alleged creator and operator of 911 S5, a 35-year-old Chinese national named YunHe ...
6 months ago Krebsonsecurity.com
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
7 months ago Cisa.gov
The New Cybercrime Atlas: A Collaborative Approach to Fighting Digital Crime - The global transition to the digital economy means that the operations of governments, critical infrastructures, businesses, and individuals are now a tightly integrated system of interconnected resources. Cybercrime presents a significant risk to ...
10 months ago Feeds.fortinet.com
Botnet down and administrator arrested in 911 S5 case, FBI says - The FBI and international partners say they have dismantled a massive botnet that had infected more than 19 million IP addresses across 200 countries and was used for years to conceal cybercrime. The 911 S5 botnet's alleged administrator, Chinese ...
6 months ago Therecord.media
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
1 year ago Bleepingcomputer.com
CISA Hosts Second Cyber Resilient 911 Symposium - CISA's Emergency Communications Division led the Cyber Resilient 911 Program's second regional symposium in the Southeast, which included CISA regions 4 and 6 as well as Delaware, Puerto Rico, West Virginia, and the U.S. Virgin Islands. Attendees ...
10 months ago Cisa.gov
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
10 months ago Securityboulevard.com
Britain and US Take Action Against Ransomware Criminals by Imposing Sanctions on Seven People - On Thursday, the United Kingdom and United States imposed sanctions on seven people linked to a single criminal network responsible for Conti and Ryuk ransomware gangs and the Trickbot banking trojan. This is the first major move of a new joint ...
1 year ago Therecord.media
Evil Corp hit with new sanctions, BitPaymer ransomware charges - "Eduard Benderskiy (Benderskiy), a former Spetnaz officer of the Russian Federal Security Service (FSB), which is designated under numerous OFAC sanctions authorities, current Russian businessman, and the father-in-law of Evil Corp's leader ...
2 months ago Bleepingcomputer.com
Feds go Fancy Bear hunting, take down Russia's GRU botnet The Register - The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Moobot ...
10 months ago Go.theregister.com
US Sanctions Sinbad Mixer: Disrupting Threats Unveiled - The U.S. Treasury Department recently took a significant step in the ongoing battle against cybercrime by imposing sanctions on Sinbad. It's a virtual currency mixer utilized by the North Korea-linked Lazarus Group to launder funds obtained through ...
1 year ago Securityboulevard.com
UN Cybercrime Convention: Tight Timeframe to Create New Global Approach to Combat Cybercrime - Cybercrime is a growing problem that affects nearly all of the world's nearly 200 nation-states. From ransomware attacks to rampant cryptocurrency theft, criminal exploitation of borderless digital systems threatens global economic security and the ...
1 year ago Csoonline.com
New botnet malware exploits two zero-days to infect NVRs and routers - A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, ...
1 year ago Bleepingcomputer.com
Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities - Researchers have discovered an Internet of Things botnet linked with attacks against multiple US government and communications organizations. It comes built with a series of stealth mechanisms and the ability to spread further into local area ...
1 year ago Darkreading.com
North Korea APT Slapped With Cyber Sanctions After Satellite Launch - The US Department of the Treasury Office of Foreign Assets Control has announced it has sanctioned cyberespionage group Kimsuky for collecting intelligence on behalf of the Democratic People's Republic of Korea. The OFAC said the sanctions are ...
1 year ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)