US government sanctions massive proxy botnet operation that offered free VPN services


The United States Department of Treasury recently imposed sanctions on three Chinese nationals and three of their companies for operating a significant proxy botnet operation that infected consumer devices with malware and facilitated cybercrime on a global scale.

The sanctioned individuals, Yunhe Wang, Jingping Liu, and Yanni Zheng, along with their companies Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited, were found to be involved in the operation of 911 S5, a massive botnet controlling a residential proxy service known as “911 S5”.

Residential proxy botnets, such as 911 S5, consist of compromised devices located in residential areas, which are hijacked through malware and controlled to provide cybercriminals with anonymous internet traffic routing capabilities for conducting illegal activities online.


The sanctions imposed by the Office of Foreign Assets Control (OFAC) prohibit US entities from conducting business with the sanctioned individuals and companies. Additionally, US companies are barred from doing business with entities that provide services to the sanctioned parties, amplifying the impact of the sanctions.

Under Secretary Brian E. Nelson emphasized the disruptive effect of the sanctions on cybercriminals who exploit compromised devices for illicit activities, including fraudulent economic assistance claims and terrorizing citizens with bomb threats.

The sanctioned individuals allegedly offered a free VPN service that covertly installed malware on users’ devices, thereby adding them to the botnet. This botnet was subsequently utilized by cybercriminals for various malicious activities, including bomb threats reported across the US two years ago.