Pierluigi Paganini January 18, 2025

The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach.

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., LTD., for its involvement in the activities of the Salt Typhoon APT group, which recently compromised multiple U.S. telecommunication and internet service providers.

The US Treasury’s OFAC also sanctioned Yin Kecheng, a Shanghai-based cyber actor who was involved with the recent hack of the Department of the Treasury’s network.

China-linked threat actors persistently target U.S. government IT systems and critical infrastructure.

“People’s Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, including the recent targeting of Treasury’s information technology (IT) systems, as well as sensitive U.S. critical infrastructure.” reads the Treasury’s OFAC’s announcement. “As highlighted in the most recent Office of the Director of National Intelligence Annual Threat Assessment, Chinese state-backed cyber actors continue to present some of the greatest and most persistent threats to U.S. national security.”

The Treasury Department discovered the security breach on December 8th from its vendor BeyondTrust, according to a letter to lawmakers.

BeyondTrust provides Privileged Access Management and secure remote access, serving sectors like government, healthcare, banking, and energy.

Early this month, the privileged access management company BeyondTrust suffered a cyberattack after threat actors breached some of its Remote Support SaaS instances.

The Treasury Department is investigating the incident with the help of the F.B.I., and the intelligence community.

The threat actors gained access to the workstations of government employees and unclassified documents.

In early 2025, the U.S. Treasury Department sanctioned Chinese cybersecurity firm Integrity Tech for its involvement in attacks attributed to the Flax Typhoon group.

The U.S. State Department offers up to $10M for tips on state-sponsored cyber actors targeting U.S. critical infrastructure under the Computer Fraud and Abuse Act.

U.S. sanctions block assets of designated persons, prohibit transactions involving their property, and impose penalties for violations, including on foreign entities.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Salt Typhoon)