CISA Confirms No Evidence of Broader Government Hack Beyond Treasury Department

US Treasury Sanctions Salt Typhoon: The Hacking Group Responsible for Major Telecom Breaches

The U.S. government has recently imposed sanctions on a Chinese organization associated with the notorious hacking group, Salt Typhoon. This group is infamous for executing the largest telecommunications hack in U.S. history, targeting multiple telecom and internet service providers. The sanctions aim to combat cyber threats and strengthen national security.

Sanctions Overview: Targeting Salt Typhoon

On Friday, the Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against Sichuan Juxinhe Network Technology, a China-based cybersecurity firm. This organization is reportedly linked to the Salt Typhoon hacking group, which has been implicated in a series of high-profile cyberattacks.

Salt Typhoon’s Infiltration of U.S. Telecoms

Salt Typhoon has recently been identified as the perpetrator behind a significant breach affecting at least nine U.S. telecom and internet providers, including major companies like AT&T and Verizon. The implications of this breach are serious, as hackers gained unauthorized access to:

  • The private communications of senior U.S. government officials
  • Political figures
  • Law enforcement systems used for authorized data collection

This access raises concerns about the potential exposure of sensitive information, particularly regarding Chinese targets of U.S. surveillance.

Additional Sanctions Against Cyber Actors

In addition to sanctions against Sichuan Juxinhe, OFAC also targeted Yin Kecheng, a cyber actor based in Shanghai. Yin is linked to a recent massive hack of the U.S. Treasury, which occurred in late December.

Details of the U.S. Treasury Hack

During this cyberattack, hackers exploited a stolen private key from BeyondTrust, a cybersecurity firm specializing in identity access technology. This breach allowed state-backed group Silk Typhoon to infiltrate various departments within the U.S. Treasury, including its sanctions office.

READ ALSO  Trump's National Security Adviser Allegedly Used Personal Gmail for Official Government Business

According to OFAC, Yin Kecheng has been involved in cyber activities for over a decade and is associated with China’s Ministry of State Security, which oversees the country’s foreign intelligence operations.

Commitment to Cybersecurity

U.S. Treasury official Adewale O. Adeyemo stated, “The Treasury Department will continue to use its authorities to hold accountable malicious cyber actors who target the American people, our companies, and the United States government.” This statement underscores the U.S. commitment to enhancing cybersecurity and protecting critical infrastructure from foreign threats.

Recent Sanctions Against Cybersecurity Firms

Earlier this month, the U.S. government also sanctioned another cybersecurity company, Integrity Technology Group, due to its alleged connections with the government-backed hacking group known as Flax Typhoon. The Treasury Department indicated that Integrity Technology had been involved in multiple computer intrusion incidents targeting U.S. critical infrastructure.

For more information on cybersecurity measures and updates, visit the U.S. Department of Homeland Security’s Cybersecurity page.

Similar Posts

Mozilla Addresses Backlash: Assures Users Their Data Won't Fuel AI Development

Mozilla Fixes Critical Firefox Vulnerability Exploited in the Wild, Echoing Chrome’s Recent Security Threat

Bysupport

Mozilla has released a critical update for Firefox (version 136.0.4) to address a significant security vulnerability (CVE-2025-2857) that cybercriminals were actively exploiting. This flaw allows attackers to escape Firefox’s sandbox, potentially leading to unauthorized access to sensitive data. The issue also affects other browsers, including the Tor Browser, which has been updated as well. Kaspersky researcher Boris Larin confirmed that this vulnerability shares similarities with a recent bug in Google Chrome. Users are urged to keep their browsers updated to safeguard against evolving cyber threats and maintain online security.

Major Law Enforcement Operation Seizes Russian Crypto Exchange Garantex: What You Need to Know

Major Law Enforcement Operation Seizes Russian Crypto Exchange Garantex: What You Need to Know

Bysupport

The U.S. Secret Service, in collaboration with international law enforcement, has seized the Russian cryptocurrency exchange Garantex, linked to darknet markets and ransomware. The operation, prompted by a warrant from the U.S. Attorney’s Office, reflects heightened measures against the exchange following EU sanctions due to its ties with sanctioned Russian banks. In 2022, the U.S. Treasury sanctioned Garantex for over $100 million in transactions with illicit actors. After the seizure, Garantex suspended all services and warned users of threats to their assets, including $28 million in Tether. The situation continues to evolve as authorities address cryptocurrency regulations.

DOJ Confirms FBI's Major Operation to Eradicate Chinese Malware from Thousands of US Computers

DOJ Confirms FBI’s Major Operation to Eradicate Chinese Malware from Thousands of US Computers

Bysupport

U.S. authorities have disrupted the operations of the state-sponsored Chinese hacking group “Twill Typhoon,” linked to a global espionage campaign affecting millions of computers. On August 2024, the Department of Justice and FBI, in collaboration with French authorities and the cybersecurity firm Sekoai, executed a court-authorized operation to eliminate the “PlugX” malware from over 4,200 infected U.S. computers. The malware, utilized since 2014 for espionage, collects victim files for exfiltration. The U.S. has accused the Chinese government of funding Twill Typhoon, amid ongoing concerns about Chinese cyber threats targeting global organizations and government systems.

Signal App Downloads Surge in the U.S. and Yemen Amid Government Scandal Unfolding

Signal App Downloads Surge in the U.S. and Yemen Amid Government Scandal Unfolding

Bysupport

The encrypted messaging app Signal is in the spotlight following a security breach involving Trump administration officials, including Vice President J.D. Vance and Secretary of Defense Peter Hegseth, who discussed military plans in an unauthorized group chat. Journalist Jeffrey Goldberg was mistakenly added, exposing sensitive discussions. While Signal’s encryption remains intact, this incident underscores the need for strict security protocols. Following the breach, Signal’s downloads surged by 28% globally, with notable increases of 45% in the U.S. and 42% in Yemen. The government is currently investigating the breach, highlighting risks associated with using consumer messaging apps for sensitive communications.

UK Domain Leader Nominet Reports Cybersecurity Breach Tied to Ivanti VPN Vulnerabilities

UK Domain Leader Nominet Reports Cybersecurity Breach Tied to Ivanti VPN Vulnerabilities

Bysupport

Nominet, the U.K. domain registry managing .co.uk domains, is dealing with a significant cybersecurity incident linked to a vulnerability in Ivanti’s VPN software. Hackers accessed Nominet’s systems via this third-party VPN, exploiting a zero-day vulnerability before Nominet could implement security patches. Although Ivanti has not disclosed the number of affected customers, cybersecurity experts report widespread compromises among various organizations. Nominet has restricted VPN access and is investigating the incident while assuring customers that there is currently no evidence of data breaches. They are monitoring their systems and updating stakeholders throughout the investigation.

Paragon Confirms U.S. Government's Use of Their Spyware Solutions

Paragon Confirms U.S. Government’s Use of Their Spyware Solutions

Bysupport

Israeli spyware firm Paragon Solutions has confirmed it supplies technology to the U.S. government and allied nations, amid allegations of misuse against journalists and civil society members. Paragon’s chairman, John Fleming, stated the company enforces strict licensing policies that prohibit the unlawful targeting of such individuals, with a zero-tolerance policy for violations. The controversy heightened after WhatsApp alleged Paragon’s spyware was involved in hacking campaigns against 90 targets, including journalist Francesco Cancellato and activist Husam El Gomati. WhatsApp has since issued a cease and desist letter to Paragon, as concerns grow over the implications of its technology.