- The Department of Justice (DOJ) has dismantled a global malware network linked to the theft of $5.9 billion in Covid relief funds and various crypto crimes.
- The network was also involved in child exploitation, bomb threats, and numerous cyberattacks.
- FBI Director Christopher Wray described the network as “likely the world’s largest botnet ever.”
Discover how the DOJ dismantled a global malware network responsible for $5.9 billion in Covid relief fund theft and various crypto crimes, leading to the arrest of Chinese national YunHe Wang.
DOJ Dismantles Global Malware Network
The Department of Justice (DOJ) has announced the dismantling of a global malware network linked to the theft of $5.9 billion in Covid relief funds and various crypto crimes. The network, which was also involved in child exploitation, bomb threats, and numerous cyberattacks, was operated by 35-year-old YunHe Wang, a Chinese national. Wang has been charged with creating and operating the “911 S5” botnet. A botnet is a network of hacked devices tied together by malware, which allows criminals to launch cyberattacks remotely.
The Scale of the 911 S5 Botnet
From 2014 to 2022, Wang managed the 911 S5 botnet using approximately 150 servers worldwide, including some in the U.S. The botnet compromised over 19 million IP addresses across nearly 200 countries, with about 614,000 IP addresses located in the U.S. According to a separate analysis by blockchain analytics firm Chainalysis, wallet addresses associated with Wang held over $130 million in digital assets earned through illicit commissions.
Deceptive VPN Services and Illicit Earnings
Researchers at Chainalysis revealed that the 911 S5 botnet operated by distributing deceptive free VPN services that claimed to offer enhanced privacy while actually using backdoors to hijack millions of IP addresses globally. This allowed the 911 S5 administrators to make millions annually through a subscription-based service for cybercriminals. The FBI has provided a guide for users to check if their devices were affected by the 911 S5 attack and instructions on how to remove the malware if necessary.
Wang’s Illicit Gains and Legal Consequences
Wang allegedly sold access to the compromised IP addresses to cybercriminals, amassing at least $99 million. He reportedly used these illicit earnings to purchase luxury cars, watches, and properties around the world. The DOJ stated that the 911 S5 botnet was used for various crimes, including fraud, stalking, harassment, and the illegal exportation of goods. It was notably used to target Covid relief programs, with an estimated 560,000 false unemployment insurance claims filed and $5.9 billion stolen.
Sanctions and Legal Proceedings
This arrest follows the U.S. Treasury Department’s sanctions against Wang and two associates for their involvement with the 911 S5 botnet. The Treasury also sanctioned three companies owned or controlled by Wang: Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited. Wang faces a maximum sentence of 65 years in prison on four criminal counts: conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering.
Conclusion
The dismantling of the 911 S5 botnet marks a significant victory in the fight against cybercrime. The DOJ’s actions have not only disrupted a major criminal network but also highlighted the importance of international cooperation in combating cyber threats. As the legal proceedings against Wang and his associates continue, this case serves as a stark reminder of the pervasive and evolving nature of cybercrime in the digital age.