The U.S. Department of Justice (DOJ) arrested Yune Wang, 35, a national of the People’s Republic of China and an investment citizen of St. Kitts and Nevis, on charges of engaging in “cyberattacks, botnet fraud used to commit large-scale attacks.” These include large-scale fraud, child exploitation, harassment, bomb threats and export violations.”
According to the May 29 indictment, from 2014 to 2020, Wang “created and accumulated malicious code to compromise and accumulate networks of millions of home Windows computers around the world,” affecting more than 19 million IP addresses through the 911 S5 botnet from 2014 to 2020. He was indicted on charges of “distribution.” He “targeted victims in more than 200 countries, sold hijacked IP addresses to cybercriminals to obtain cryptocurrency, and facilitated numerous computer-based crimes, including financial fraud, identity theft, and child exploitation.”
A separate analysis by blockchain analytics firm Chainlytic found that wallet addresses associated with Wang held more than $130 million in digital assets obtained through illegal commissions. Researchers at Chainalytic wrote:
“The 911 S5 botnet was able to provide these services by distributing a fraudulent free VPN service to its victims, which it claimed would provide users with enhanced privacy when browsing the web. In reality, 911 S5 used a backdoor embedded in its code. “This enabled 911 S5 administrators to earn millions of dollars annually through a subscription-based service that allowed cybercriminals to use victims’ IP addresses.”
Meanwhile, a DOJ law enforcement official added:
“911 S5 customers reportedly targeted specific pandemic relief programs. For example, in the United States, we estimate that 560,000 fraudulent unemployment insurance claims originated from compromised IP addresses, resulting in fraud losses exceeding $5.9 billion.”
Twenty-three domains, including more than 70 servers that constitute Wang’s operational backbone, were seized through a joint collaboration between law enforcement agencies in the United States, Singapore, Thailand, and Germany. Police said they also seized $30 million in assets related to the 911 S5.
Last month, Cointelegraph reported claims that China was Trojaning U.S. Bitcoin mining infrastructure through locally manufactured application-specific integrated circuit mining equipment. Experts say the equipment could allow Chinese intelligence agencies to conduct cyber espionage by targeting potentially sensitive military facilities, power grids or communications networks.
Related: 3AC’s $700 Million Worldcoin Windfall, China vs. Cryptocurrency Spy: Asia Express