Full Report
The US has sanctioned an individual and a company for their part in recent high-profile compromises of US government systems and telecoms providers attributed to Chinese state-affiliated hackers.
Analysis Summary
# Threat Actor: Chinese State Cyber Actors (Sanctioned Individuals and Entities)
## Attribution & Identity
The threat actors are described as **Chinese state cyber actors**.
**Sanctioned Individuals/Entities:**
* **Yin Kecheng:** A Shanghai-based individual sanctioned by the US Treasury's Office of Foreign Assets Control (OFAC) on 17 January 2025; OFAC describes him as a cyber actor affiliated with China's Ministry of State Security (MSS) who was involved in the Treasury network compromise.
* **Sichuan Juxinhe Network Technology Co., Ltd:** A Sichuan-based cybersecurity company designated by OFAC in the same action for its direct involvement in the compromise of US telecommunications and internet service providers.
## Activity Summary
The US government sanctioned these actors specifically for:
* The **compromise of US Department of the Treasury systems** in December 2024 (Yin Kecheng).
* Compromises targeting **multiple US telecoms and internet service providers** (Sichuan Juxinhe).

The Treasury breach involved access to **unclassified documents** held on certain Departmental Offices (DO) workstations. Press reports indicate that the workstation of Treasury Secretary Janet Yellen was among those accessed.
## Tactics, Techniques & Procedures
* **Supply Chain Exploitation:** The Treasury compromise was achieved through a **third-party cybersecurity vendor, BeyondTrust**. According to Treasury, the actor obtained a key the vendor used to secure its cloud-based remote technical support service, and used that key to bypass the service's security controls and remotely reach DO user workstations.
* **Information Access:** Gaining unauthorized remote access to victim workstations and reading documents stored on them.
## Targeting
* **Sectors:** US Government (Department of the Treasury) and Telecommunications providers.
* **Geography:** Actors based in China (Shanghai and Sichuan); victims in the US.
* **Victims:** US Department of the Treasury (Departmental Offices workstations, including one potentially belonging to Secretary Janet Yellen) and multiple telecoms providers.
## Tools & Infrastructure
* **Malware families used:** Not explicitly named in the provided text.
* **Infrastructure (C2, domains, IPs):** Not explicitly detailed in the provided text.
## Implications
The sanctions indicate direct targeting of US federal financial infrastructure (Treasury) and critical infrastructure (telecoms) by actors linked to the Chinese state. Abusing a legitimate third-party vendor's remote-support access (BeyondTrust) is a supply chain technique: the intrusion rides on a trusted, already-authorized channel, so it blends in with sanctioned support activity and gives the actor reach into every customer environment that trusts that vendor.
## Mitigations
* Treat vendor remote-support access as privileged access: tie every session to an approved ticket or change record, restrict it to named hosts and agreed time windows, segment the paths the vendor's service can reach, and make sure a vendor's credentials or service keys can be revoked quickly (the BeyondTrust vector implies all of these).
* Monitoring and incident response for government systems that handle unclassified data, with alerting on vendor sessions that fall outside the approved ticket, host or time bounds; "unclassified" does not mean the documents are not sensitive.
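As an added example (not part of the original report, and not BeyondTrust's or Treasury's own tooling), the following Python script shows the kind of monitoring the mitigations above call for. It runs three checks over constructed remote-support gateway session records: a session with no approved ticket, a session outside the agreed support hours, and one vendor identity fanning out to more workstations than a support engineer would normally touch in an hour. The log format, field names, ticket list and thresholds are assumptions made for the example.

```python
"""Flag anomalous third-party remote-support sessions (added example).

Input is one JSON record per line, as a hypothetical remote-support gateway
might export it. The field names are an assumption, not any vendor's schema.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: the vendor support account "vendor-svc" reaching
# Departmental Offices workstations. Lines s3-s6 model the abuse pattern:
# no ticket, 02:00 UTC, four hosts in ten minutes.
SAMPLE_LOG = """\
{"ts": "2024-12-02T14:05:00Z", "session": "s1", "actor": "vendor-svc", "host": "DO-WS-101", "ticket": "INC-4410"}
{"ts": "2024-12-02T14:30:00Z", "session": "s2", "actor": "vendor-svc", "host": "DO-WS-102", "ticket": "INC-4411"}
{"ts": "2024-12-08T02:10:00Z", "session": "s3", "actor": "vendor-svc", "host": "DO-WS-201", "ticket": ""}
{"ts": "2024-12-08T02:12:00Z", "session": "s4", "actor": "vendor-svc", "host": "DO-WS-202", "ticket": ""}
{"ts": "2024-12-08T02:15:00Z", "session": "s5", "actor": "vendor-svc", "host": "DO-WS-203", "ticket": ""}
{"ts": "2024-12-08T02:20:00Z", "session": "s6", "actor": "vendor-svc", "host": "DO-WS-204", "ticket": ""}
"""

# Assumed export from the ticketing/change system: tickets that authorize
# vendor access during the period covered by the log.
APPROVED_TICKETS = {"INC-4410", "INC-4411"}


def parse_sessions(text):
    """Parse one JSON record per line; 'ts' becomes a timezone-aware datetime."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        sessions.append(rec)
    return sorted(sessions, key=lambda r: r["ts"])


def find_anomalies(sessions, approved_tickets, fanout_limit=3,
                   window=timedelta(hours=1), business_hours=(8, 18)):
    """Apply three checks to vendor remote-support sessions.

    no_ticket : session is not tied to an approved ticket/change record
    off_hours : session starts outside the agreed support window (UTC hours)
    fanout    : one vendor identity reaches more than fanout_limit distinct
                workstations inside `window`; rare for a support engineer,
                typical for an actor holding a stolen vendor credential
    """
    findings = []
    recent = defaultdict(deque)  # actor -> (ts, host) pairs inside the window
    start, end = business_hours
    for s in sessions:
        if s.get("ticket", "") not in approved_tickets:
            findings.append({"session": s["session"], "rule": "no_ticket",
                             "detail": f"{s['actor']} -> {s['host']} without approved ticket"})
        if not (start <= s["ts"].hour < end):
            findings.append({"session": s["session"], "rule": "off_hours",
                             "detail": f"session started at {s['ts'].isoformat()}"})
        q = recent[s["actor"]]
        q.append((s["ts"], s["host"]))
        while q and s["ts"] - q[0][0] > window:   # drop sessions older than the window
            q.popleft()
        hosts = {h for _, h in q}
        if len(hosts) > fanout_limit:
            findings.append({"session": s["session"], "rule": "fanout",
                             "detail": f"{s['actor']} reached {len(hosts)} hosts within {window}"})
    return findings


if __name__ == "__main__":
    for f in find_anomalies(parse_sessions(SAMPLE_LOG), APPROVED_TICKETS):
        print(f"{f['session']}: {f['rule']}: {f['detail']}")
```

The two daytime, ticketed sessions produce nothing; the four night-time sessions each trip the ticket and hours checks, and the fourth distinct host in the hour trips the fan-out check. In production the ticket set would come from the change system and the thresholds from the vendor's agreed support scope, and a hit on any rule should be treated as a reason to suspend the vendor's session capability and rotate its keys rather than just to file an alert.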