The United States is designating three People's Republic of China nationals for activities associated with a malicious botnet known as 911 S5 as well as three entities located in Thailand for being owned or controlled by one of these individuals.
Cybercriminals have used the 911 S5 malicious botnet to compromise victims' computers and disguise their digital tracks, so that their cybercrimes appeared to trace back to the victims' computers instead of their own, enabling them to commit widespread cyber-enabled fraud. As part of this scheme, 911 S5 has compromised approximately 19 million IP addresses and facilitated the submission of tens of thousands of fraudulent applications related to Coronavirus Aid, Relief, and Economic Security (CARES) Act programs by its users, resulting in the loss of billions of dollars.
We are taking action today to disrupt these cybercriminals as part of a whole-of-government action and in coordination with international partners. The United States will continue to act against cybercriminals who seek to exploit our financial system and defraud U.S. taxpayers.
The Department of the Treasury action was taken pursuant to Executive Order 13694
