On May 28, 2024, the U.S. Department of the Treasury’s Office of Foreign Assets Control designated three Chinese nationals — Yunhe Wang, Jingping Liu, and Yanni Zheng — for engaging in malicious cyber activities using 911 S5, a residential proxy botnet. OFAC also designated three entities based in Thailand that are owned or controlled by Wang. According to OFAC, 911 S5 has enabled cybercriminals to use compromised IP addresses to disguise their digital tracks so that the cybercrimes they commit are not traceable to their own computers. According to OFAC, 911 S5 was used to compromise approximately 19 million IP addresses without the computer owners’ knowledge and carry out widespread cyber-enabled fraud, including the submission of tens of thousands of fraudulent applications related to Coronavirus Aid, Relief, and Economic Security Act programs, resulting in billions of dollars in losses for the U.S. government.
As described by OFAC, Wang is 911 S5’s primary administrator, and co-conspirator Liu has helped Wang launder criminally derived proceeds, using them to purchase luxury real estate properties for Wang. Zheng reportedly acted as the power of attorney for Wang and Spicy Code Company Limited, and participated in numerous business transactions for Wang, including luxury real estate purchases.
These designations were imposed pursuant to Executive Order 13694, as amended by Executive Order 13757, for engaging in cyber-enabled activities originating from outside the United States that are aimed at threatening U.S. national security, foreign policy, or the economic health and stability of the United States. As a result of these designations, all property and interests in property of the designated persons within the United States or within the possession or control of a U.S. person are blocked, and U.S. persons are generally prohibited from engaging in transactions involving a designated person. Entities owned 50 percent or more by one or more blocked persons are also blocked.