The US Department of Justice (DOJ) reported on Wednesday the arrest of Chinese national YunHe Wang on charges connecting him to the creation and dissemination of malware used in cyber attacks, large-scale fraud, and child exploitation. The indictment, unsealed on May 24, outlines that Wang and his accomplices managed to compromise a network consisting of millions of residential Windows computers worldwide. As detailed by the DOJ, between 2018 and July 2022, Wang profited approximately $99 million either through cryptocurrency or traditional currency by selling hijacked proxy IP addresses.
This coordinated international crackdown, involving various international law enforcement partners, successfully disrupted Wang’s extensive botnet operation known as “911 S5.” According to the DOJ, the consequences of this operation have been significant, leading to over $5.9 billion in fraudulent losses derived from 560,000 false unemployment insurance claims distributed via the compromised IP addresses. The proceeds from these activities were allegedly funneled into various assets, including real estate across multiple countries, sports cars, luxury items, and numerous bank accounts and cryptocurrency wallets.
FBI Director Christopher Wray described the “911 S5” botnet as “likely the world’s largest botnet ever.” The operation culminated in the seizure of 23 domains and over 70 servers that constituted the botnet’s core infrastructure. Assets worth approximately $30 million were confiscated, with an additional $30 million identified for potential forfeiture.
The Treasury Department supplemented the DOJ’s efforts by imposing financial sanctions against Wang and his associates on May 28. Wang now faces multiple charges, including conspiracy to commit computer fraud, actual computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. If found guilty on all counts, he could be sentenced to a maximum of 65 years in prison. For further details, you can refer to the DOJ’s announcement.