The US Department of Justice (DOJ) on Wednesday reported the arrest of Chinese national YunHe Wang on charges of creating and using malware that was used in cyber attacks, large-scale fraud and child exploitation.
The indictment was unsealed on May 24 and alleged that Wang and his associates created and spread malware, compromising a network of millions of residential Windows computers worldwide. Wednesday’s announcement revealed that between 2018 and July 2022, Wang received $99 million in cryptocurrency or traditional currency from the sale of hijacked proxy IP addresses. This operation led to a fraudulent loss of over $5.9 billion from 560,000 fraudulent unemployment insurance claims from compromised IP addresses. Wang and his associates conducted their operations internationally to buy real estate in the US, St. Kitts and Nevis, China, Singapore, Thailand, and the United Arab Emirates. According to the DOJ, Wang’s holdings included sports cars, more than a dozen domestic and international bank accounts, over two dozen cryptocurrency wallets, luxury watches, and 21 properties in various countries.
The DOJ-led operation, in collaboration with international law enforcement partners, targeted and disrupted Wang’s network, known as the “911 S5” botnet. This network had been used to enable a range of illegal activities including cyber-attacks, large-scale fraud, child exploitation, harassment, bomb threats and violations of export regulations. This is “likely the world’s largest botnet ever,” said FBI Director Christopher Wray in Wednesday’s announcement.
Agents and officers conducted searches at various residences, confiscated assets worth about $30 million and identified further property eligible for forfeiture valued at roughly $30 million. Additionally, the operation resulted in the seizure of 23 domains and over 70 servers, which formed the core infrastructure of Wang’s former residential proxy service.
The Treasury Department also announced financial sanctions on May 28 against Wang and his associates for their activities related to 911 S5.
Wang faces charges of conspiracy to commit computer fraud, actual computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. If found guilty on all charges, Wang could receive a maximum sentence of 65 years in prison.