News
Chinese national charged with operating ‘world’s largest botnet’ linked to billions in cybercrimes
Colonial Pipeline hack only latest in rising ransomware threats
Hackers hit hundreds of critical systems last year and watchdogs say we’re not doing enough head off more.
STAFF VIDEO, USA TODAY
A Chinese national has been arrested for his role in operating a residential proxy service that was used to defraud billions of dollars from the U.S. government and fund his lavish lifestyle, which included buying luxury cars and property around the world, the Department of Justice announced Wednesday.
YunHe Wang, 35, was arrested on May 24 and charged with creating a massive network of hijacked computer devices, also known as a “botnet,” that was used to conduct cyber attacks, fraud, child exploitation, bomb threats, and export violations, the department alleged. Wang administered the botnet, called “911 S5,” through about 150 servers worldwide from 2014 to 2022, according to an indictment unsealed last week.
About 76 of the servers were leased from online service providers based in the United States, the indictment said. The botnet infected over 19 million IP addresses in nearly 200 countries, including over 613,000 IP addresses located in the United States, according to prosecutors.
The Justice Department announcement comes after Wang and his two co-conspirators, Jingping Liu and Yanni Zheng, were sanctioned by the Department of Treasury for their alleged involvement with the malicious botnet. The department also imposed sanctions on three luxury companies Wang owned or controlled.
Authorities also searched Wang’s residences and seized assets valued at about $30 million as well as identifying other property valued at roughly an additional $30 million, prosecutors said.
“The conduct alleged here reads like it’s ripped from a screenplay,” Matthew Axelrod, assistant secretary for export control at the Department of Commerce, said in a statement Wednesday. “A scheme to sell access to millions of malware-infected computers worldwide, enabling criminals over the world to steal billions of dollars, transmit bomb threats, and exchange child exploitation materials — then using the scheme’s nearly $100 million in profits to buy luxury cars, watches, and real estate.”
The Department of Justice partnered with the FBI and international law enforcement agencies in Singapore, Thailand, and Germany to dismantle the botnet and arrest Wang. The case is the latest in the federal government’s ongoing effort to thwart global cybercrime, which has become increasingly widespread.
These crimes can range from intellectual property theft to ransomware and can cost businesses billions of dollars in losses in addition to threatening critical sectors across the country, according to the Department of State. In recent years, federal authorities have expanded their international operations and country-to-country partnerships in order to better address cyber threats.
‘Urgency and severity of cyberattacks’: EPA urges water utilities to protect nation’s drinking water amid heightened cyberattacks
911 S5 Botnet ‘likely the world’s largest botnet ever’
FBI Director Christopher Wray said in a statement Wednesday that 911 S5 is “likely the world’s largest botnet ever.” According to the indictment, Wang allegedly spread his malware through Virtual Private Network programs and pay-per-install services, which allowed him to manage and control the roughly 150 servers.
Paying customers were then given access to proxied IP addresses that were linked to the hacked devices, the indictment said. Cybercriminals used those addresses to hide their locations and “anonymously commit a wide array of offenses,” the Department of Justice alleged.
“These offenses including financial crimes, stalking, transmitting bomb threats and threats of harm, illegal exportation of goods, and receiving and sending child exploitation materials,” according to the department. “Since 2014, 911 S5 allegedly enabled cybercriminals to bypass financial fraud detection systems and steal billions of dollars from financial institutions, credit card issuers, and federal lending programs.”
Specifically, the botnet targeted COVID-19 pandemic relief programs and filed an estimated 560,529 fraudulent unemployment insurance claims, according to the indictment. Federal authorities confirmed that more than $5.9 billion was stolen as a result.
The indictment further alleged that Wang had amassed about $99 million — either in cryptocurrency or fiat currency — from his sales of the infected proxied IP addresses. He used the illicit proceeds to purchase luxury assets and property.
Wang bought property in the United States, St. Kitts and Nevis, China, Singapore, Thailand, and the United Arab Emirates, according to the indictment. He also had dozens of other assets, such as luxury cars, watches, international bank accounts, and cryptocurrency wallets.
Wang was charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. He faces a maximum of 65 years in prison.
Cybercrime, COVID fraud in the U.S.
Cybercrime is a “significant and growing threat” to the country’s national and economic security, according to the State Department. As people become more dependent on information and communication technologies, the department said more criminals continue to shift online.
Wang’s arrest also comes amid a push from federal officials for organizations to update and follow cybersecurity guidelines. Federal agencies have issued multiple advisories for cyberattacks committed by foreign groups in recent years.
In January, the FBI and Department of Justice announced that they had “disrupted a botnet of hundreds of U.S.-based small office/home office routers hijacked” by China-linked hackers. The group, known as “Volt Typhoon,” targeted critical infrastructure organizations in the United States, such as water systems and electric grids.
The surge in malicious cyber incidents coincides with the rise in online communication during the COVID-19 pandemic, according to a 2023 cyberthreat study. Citing FBI data, the study said cybercrime increased by 400% during the pandemic.
“Cybercriminals find the uncertainty brought by changing daily habits opportune and the increased virtual existence is converted into available attack vectors,” the study noted.
In the four years since the onset of the pandemic, the Internal Revenue Service has investigated over 1,600 tax and money laundering cases related to COVID-19 fraud potentially worth about $8.9 billion, the agency said in March. Cases included fraudulently obtained loans, credits and payments meant for U.S. workers, families and small businesses under the Coronavirus Aid, Relief and Economic Security, or CARES, Act.
Contributing: Josh Meyer, USA TODAY
Smoke rises over Konarak naval base in southern Iran on Sunday. The base was one of hundreds of targets of U.S. and Israeli forces throughout the country.
Planet Labs PBC
hide caption
toggle caption
Planet Labs PBC
Commercial satellite images are providing a unique look at the extent of damage being done to Iran’s military facilities across the country.
The U.S. and Israeli military campaign opened with a daytime attack that struck Iranian leadership in central Tehran. Smoke was still visible rising from Ayatollah Ali Khamenei’s compound following the attack that killed the supreme leader.
An image by the company Airbus taken on Saturday shows the aftermath of an Israeli strike on Iran’s Leadership House in central Tehran. Iran’s Supreme Leader Ayatollah Ali Khamenei was killed in the opening wave of attacks.
Pléiades Neo (c) Airbus DS 2026
hide caption
toggle caption
Pléiades Neo (c) Airbus DS 2026
Israel and the U.S. have gone on to strike targets across the country. Reports on social media indicate that there have been numerous military bases and compounds attacked all over Iran, and Iran has responded with attacks throughout the Middle East.
U.S. forces have also been striking at Iran’s navy. In a post on his social media platform, President Trump said that he had been briefed that U.S. forces had sunk nine Iranian naval vessels. U.S. Central Command did not immediately confirm that number but it did say it had struck an Iranian warship in port.
An image captured on Saturday shows a ship burning at Iran’s naval base at Konarak.
Satellite image ©2026 Vantor
hide caption
toggle caption
Satellite image ©2026 Vantor
Numerous satellite images show burning vessels at Konarak naval base in southern Iran. Images also show damage to a nearby airbase where hardened hangers were struck by precision munitions.
Hardened aircraft shelters at Konarak airbase were struck with precision munitions.
Satellite image ©2026 Vantor
hide caption
toggle caption
Satellite image ©2026 Vantor
And there was extensive damage at a drone base in the same area. Iran has launched numerous drones and missiles toward Israel and U.S. military installations in Bahrain, Kuwait and Qatar. Many drones have been intercepted but videos on social media show that some have evaded air defenses and caused damage in nearby Gulf countries. In Dubai, debris from an Iranian drone damaged the iconic Burj Al Arab, according to a statement from Dubai’s government.
Buildings at an Iranian drone base at Konarak were destroyed in the strikes.
Satellite image ©2026 Vantor
hide caption
toggle caption
Satellite image ©2026 Vantor
Iran’s most powerful weapons are its long-range missiles. The Iranian Revolutionary Guards have hidden the missiles deep inside mountain tunnels. Images taken Sunday in the mountains of northern Iran indicate that some of those tunnels were hit in a wave of strikes.
Following Khamenei’s death, Iran declared 40 days of mourning. Satellite images showed mourners gathering in Tehran’s Enghelab square on Sunday.
Iranian Foreign Ministry Spokesperson Esmail Baghaei told NPR on Sunday that Iran will continue to fight “foreign aggression, foreign domination.”
A White House official told NPR that Trump plans to talk to Iran’s interim leadership “eventually,” but that for now, U.S. operations continue in the region “unabated.”
A large crowd of mourners fill Enghelab Square in Tehran on Sunday, following the death of Iran’s Supreme Leader Ayatollah Ali Khamenei, who was killed in an Israeli airstrike.
Satellite image ©2026 Vantor
hide caption
toggle caption
Satellite image ©2026 Vantor
new video loaded: What the Texas Primary Battle Means for the Midterms
By J. David Goodman, Alexandra Ostasiewicz, June Kim and Luke Piotrowski
March 1, 2026
Gunfire rang out at a bar in Austin, Texas, early Sunday and at least three people were killed, the city’s police chief said.
Austin Police Chief Lisa Davis told reporters the shooter was killed by officers at the scene.
Fourteen others were hospitalized and three were in critical condition, Austin-Travis County EMS Chief Robert Luckritz said.
“We received a call at 1:39 a.m. and within 57 seconds, the first paramedics and officers were on scene actively treating the patients,” Luckritz said.
There was no initial word on the shooter’s identity or motive.
Davis noted how fortunate it was that there was a heavy police presence in Austin’s entertainment district at the time, enabling officers to respond quickly as bars were closing.
“Officers immediately transitioned … and were faced with the individual with a gun,” Davis said. “Three of our officers returned fire, killing the suspect.”
She called the shooting a “tragic, tragic” incident.
Austin Mayor Kirk Watson said his heart goes out to the victims, and he praised the swift response of first responders.
“They definitely saved lives,” he said.
Davis said federal law enforcement is aiding the investigation.
Utah mom in upscale ski community killed husband to fund romance and lavish lifestyle, DA says
Ilhan Omar doesn’t have any regrets for her ‘unavoidable’ outburst at State of the Union
FAA restricts Texas airspace after Pentagon reportedly strikes down Customs and Border Protection drone
Federal prosecutor admits ‘extraordinary’ timing in Abrego Garcia smuggling case charges
NJ Gov Mikie Sherrill booed at Devils game honoring US Olympic hockey hero Jack Hughes
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Indiana Members Credit Union announced as new anchor tenant at Bottleworks District
House Republicans push Johnson to go to war with Senate over SAVE Act
Israel FM says Europe too divided, slams Spanish PM
Satellite images provide view inside Iran at war
Video: What the Texas Primary Battle Means for the Midterms
Dems’ potential 2028 hopefuls come out against US strikes on Iran
-
World4 days agoExclusive: DeepSeek withholds latest AI model from US chipmakers including Nvidia, sources say
-
Massachusetts5 days agoMother and daughter injured in Taunton house explosion
-
Denver, CO5 days ago10 acres charred, 5 injured in Thornton grass fire, evacuation orders lifted
-
Louisiana1 week agoWildfire near Gum Swamp Road in Livingston Parish now under control; more than 200 acres burned
-
Technology1 week agoYouTube TV billing scam emails are hitting inboxes
-
Politics1 week agoOpenAI didn’t contact police despite employees flagging mass shooter’s concerning chatbot interactions: REPORT
-
Technology1 week agoStellantis is in a crisis of its own making
-
News1 week agoWorld reacts as US top court limits Trump’s tariff powers