Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

APT

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., LTD., for its involvement in the activities of the Salt Typhoon APT group, […]

China-linked APT Salt Typhoon

The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach.

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., LTD., for its involvement in the activities of the Salt Typhoon APT group, which recently compromised multiple U.S. telecommunication and internet service providers.

The US Treasury’s OFAC also sanctioned Yin Kecheng, a Shanghai-based cyber actor who was involved with the recent hack of the Department of the Treasury’s network.

China-linked threat actors persistently target U.S. government IT systems and critical infrastructure.

“People’s Republic of China-linked (PRC) malicious cyber actors continue to target U.S. government systems, including the recent targeting of Treasury’s information technology (IT) systems, as well as sensitive U.S. critical infrastructure.” reads the Treasury’s OFAC’s announcement. “As highlighted in the most recent Office of the Director of National Intelligence Annual Threat Assessment, Chinese state-backed cyber actors continue to present some of the greatest and most persistent threats to U.S. national security.”

The Treasury Department discovered the security breach on December 8th from its vendor BeyondTrust, according to a letter to lawmakers.

BeyondTrust provides Privileged Access Management and secure remote access, serving sectors like government, healthcare, banking, and energy.

Early this month, the privileged access management company BeyondTrust suffered a cyberattack after threat actors breached some of its Remote Support SaaS instances.

The Treasury Department is investigating the incident with the help of the F.B.I., and the intelligence community.

The threat actors gained access to the workstations of government employees and unclassified documents.

In early 2025, the U.S. Treasury Department sanctioned Chinese cybersecurity firm Integrity Tech for its involvement in attacks attributed to the Flax Typhoon group.

The U.S. State Department offers up to $10M for tips on state-sponsored cyber actors targeting U.S. critical infrastructure under the Computer Fraud and Abuse Act.

U.S. sanctions block assets of designated persons, prohibit transactions involving their property, and impose penalties for violations, including on foreign entities.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Salt Typhoon)