US government sanctions massive proxy botnet operation that offered free VPN services

The United States Department of the Treasury has sanctioned three Chinese nationals and three of their companies for running a major proxy botnet operation that infected consumer devices with malware and facilitated cybercrime at global scale.

According to the Office of Foreign Assets Control (OFAC), the three individuals are Yunhe Wang, Jingping Liu, and Yanni Zheng, while the companies are called Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited, all owned by Yunhe Wang and registered in Thailand. 

The three set up and operated 911 S5, a massive botnet that powered a residential proxy service of the same name.

Painful sanctions

A residential proxy botnet is a network of compromised devices, typically PCs, smartphones, and similar devices, located in residential areas. They are usually hijacked through malware and then controlled to give other cybercriminals a way to route their internet traffic and thus remain anonymous while conducting illegal activities online.

"These individuals leveraged their malicious botnet technology to compromise personal devices, enabling cybercriminals to fraudulently secure economic assistance intended for those in need and to terrorize our citizens with bomb threats," said Under Secretary Brian E. Nelson. "Treasury, in close coordination with our law enforcement colleagues and international partners, will continue to take action to disrupt cybercriminals and other illicit actors who seek to steal from U.S. taxpayers."

These sanctions mean US companies, banks, and other entities are not allowed to do business with these people or these companies. US companies are also not allowed to do business with other firms that service these individuals, so the result can be quite painful for those on the receiving end.

Apparently, the three were offering people a free VPN service, which came with a piece of malware that added their devices to the botnet. The botnet was later used by cybercriminals for different things, including bomb threats that were made across the US two years ago, BleepingComputer reported. 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
