Global Malware Network Linked to $5.9 Billion Covid Relief Fund Theft Shut Down, Chinese National Arrested
ICARO Media Group
In a significant breakthrough, the Department of Justice (DOJ) has successfully partnered with the FBI and international law enforcement agencies to dismantle a global malware network responsible for the theft of $5.9 billion in Covid relief funds. The operation, which also uncovered links to heinous crimes like child exploitation and bomb threats, led to the arrest of a Chinese national named YunHe Wang, who is now facing a maximum of 65 years in prison.
The malware network, a botnet, was allegedly created and operated by Wang, who utilized it to hack into over 19 million IP addresses across nearly 200 countries. Notably, more than half a million of the targeted IP addresses were located within the United States. Operating from approximately 150 servers worldwide, including some in the US, Wang's botnet, named "911 S5," has been described by FBI Director Christopher Wray as "likely the world's largest botnet ever."
The criminal activities orchestrated through the botnet were not limited to cyberattacks. Wang is accused of selling access to the compromised IP addresses to other cybercriminals, amassing a staggering $99 million in ill-gotten gains. He allegedly used this money to acquire luxury cars, watches, and properties across the globe. The DOJ has identified a range of crimes facilitated by the botnet, including fraud, stalking, harassment, illegal exportation of goods, and more.
Of particular concern is the botnet's targeting of Covid relief programs. An estimated 560,000 false unemployment insurance claims were filed through the botnet, resulting in the theft of $5.9 billion in funds intended to aid those affected by the pandemic. Assistant Secretary for Export Enforcement Matthew S. Axelrod emphasized the audacity of Wang's scheme, stating, "The conduct alleged here reads like it's ripped from a screenplay." Axelrod highlighted the collaborative efforts of domestic and international law enforcement agencies, working closely with industry partners, in bringing Wang to justice.
Following the arrest of Wang, the DOJ, in conjunction with the FBI, released a comprehensive guide to help individuals identify if their devices had fallen victim to a 911 S5 attack and provided instructions on removing the malware. Wang's actions also caught the attention of the Treasury Department, which imposed sanctions on Wang and two other individuals associated with 911 S5. Additionally, three companies owned or controlled by Wang were subjected to sanctions: Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited.
Wang now faces a maximum sentence of 65 years in prison, charged with multiple criminal counts including conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. The charges underscore the urgent need for law enforcement agencies to update protocols and strengthen cybersecurity measures in the face of increasingly sophisticated cyber threats. In this regard, the US has expressed particular concern over China-backed hackers targeting American infrastructure.
This successful operation marks a significant victory in the ongoing battle against cybercrime and sends a clear message to cybercriminals operating worldwide. The coordinated efforts of the DOJ, FBI, and international law enforcement agencies have dealt a severe blow to a major criminal enterprise, safeguarding billions of dollars in relief funds and protecting individuals from the devastating impact of cyberattacks.