The Treasury Department announced sanctions Friday in connection with a massive Chinese hack of American telecommunications companies and a breach of its own computer network.
The sanctions target a Chinese hacker who officials say is affiliated with Beijing’s Ministry of State Security and who was involved in a cyber-intrusion disclosed last month that gave hackers access to an untold number of Treasury Department workstations.
Also targeted is a China-based cybersecurity company that U.S. officials say has direct links to a Chinese hacking group known as Salt Typhoon, which is believed responsible for a massive breach of major telecommunications companies that gave Beijing access to private texts and phone conversations of an unknown number of Americans.
The U.S. believes senior U.S. government officials and prominent political figures are among those whose communications were accessed.
“The Treasury Department will continue to use its authorities to hold accountable malicious cyber actors who target the American people, our companies, and the United States government, including those who have targeted the Treasury Department specifically,” Deputy Treasury Secretary Adewale Adeyemo said in a statement.
The sanctions mean that neither the hacking suspect, Yin Kecheng, who is based in Shanghai, nor the company, Sichuan Juxinhe Network Technology Co. LTD, can engage in any business transactions in the U.S.
The Treasury Department earlier this month sanctioned a Beijing-based cybersecurity company for its alleged role in multiple hacking incidents targeting critical U.S. infrastructure.
The Chinese government has repeatedly denied U.S. accusations of hacking, including disputing last month the allegations of the Treasury Department hack.
Friday’s sanctions announcement does not provide new details about the scope of the hack into the Treasury Department, which the agency has said it learned of on Dec. 8. That’s when a third-party software service provider, BeyondTrust, flagged that hackers had stolen a key “used by the vendor to secure a cloud-based service used to remotely provide technical support” to workers.
That key helped the hackers override the service’s security and gain remote access to several employee workstations.
Related: US Announces Sanctions Against North Korean Fake IT Worker Network
Related: US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters
Related: A New System Will Allow EU to Sanction People Waging Sabotage on Behalf of Russia
