Chinese nationals Yunhe Wang, Jingping Liu, and Yanni Zheng have been sanctioned by the U.S. Treasury Department for operating the residential proxy service 911 S5, which was a botnet comprised of over 19 million residential IP addresses that had been used to support various cybercrime groups' COVID-19 relief scams and bomb threats, Ars Technica reports.
Officials of the Treasury Department have also sanctioned Thailand-based Tulip Biz Pattaya Group Company Limited, Lily Suites Company Limited, and Spicy Code Company Limited, all of which have been involved with Wang.
"Treasury, in close coordination with our law enforcement colleagues and international partners, will continue to take action to disrupt cybercriminals and other illicit actors who seek to steal from US taxpayers," said Treasury Department Under Secretary Brian Nelson.
Such a development follows a Mandiant report detailing Chinese state-sponsored threat actors' mounting utilization of operational relay box networks, or proxy networks of botnets, for cyberespionage efforts.