A global malware network responsible for the theft of $5.9 billion in Covid relief funds and linked to other crimes such as child exploitation and bomb threats has been shut down, Justice Department officials say announced Wednesday.
The DOJ arrested 35-year-old YunHe Wang, a Chinese national accused of creating the “botnet,” a type of malware that connects a network of hacked devices, which criminals can then use remotely to carry out cyberattacks .
Federal Bureau of Investigation Director Christopher Wray said it is “probably the world's largest botnet ever.”
From 2014 to 2022, Wang launched and operated the botnet, called “911 S5,” from about 150 servers worldwide, including some in the US, according to the indictment. The botnet hacked more than 19 million IP addresses in nearly 200 countries, the DOJ announcement said. According to the indictment, approximately 614,000 IP addresses were located in the US.
The FBI has one DIY guide allowing users to identify whether their devices were targeted by a 911 S5 attack and, if so, how to remove the malware.
Wang allegedly sold access to the compromised IP addresses to cybercriminals and collected at least $99 million, using it to purchase luxury cars, watches and property worldwide, the DOJ announcement said.
911 S5 was also used for fraud, stalking, harassment, illegal export of goods and other crimes, the DOJ said. The botnet specifically targeted Covid relief programs and submitted an estimated 560,000 false unemployment insurance claims, stealing $5.9 billion.
“The conduct alleged here reads as if it was plucked from a screenplay,” said Assistant Secretary for Export Enforcement Matthew S. Axelrod of the Commerce Department's Bureau of Industry and Security.
“What they don't show in the films, however, is the painstaking work it takes for domestic and international law enforcement agencies, working closely with industry partners, to take down such a brazen scheme and make an arrest like this happen ,” Axelrod added.
The DOJ worked with the FBI and other international law enforcement agencies to dismantle the botnet and arrest Wang.
The arrest follows a day later Finance Department has sanctioned Wang and two others for their alleged involvement in 911 S5. The Treasury Department also imposed sanctions on three companies that Wang owned or controlled: Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited and Lily Suites Company Limited.
Wang faces a maximum sentence of 65 years in prison with four criminal counts: conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud and conspiracy to commit money laundering.
The charges come as U.S. law enforcement agencies try to update protocols to keep up with more advanced cybersecurity threats.
In recent years, the US has expressed particular concern about Chinese-backed hackers seeking to undermine US infrastructure.
In January, the FBI announced that it had dismantled the Chinese hacking group 'Volt Typhoon', which targeted US water plants, electricity grids and more.
“Today, and literally every day, they are actively attacking our economic security and engaging in wholesale theft of our innovation and our personal and corporate data,” Wray said at a hearing in January.
