Chinese citizens stole ‘billions’ in COVID relief funds, US says

Based in the Thai beach resort of Pattaya, the group took control of Americans’ computers to apply for funds.
By Alex Willemyns for RFA
Chinese citizens stole ‘billions’ in COVID relief funds, US says Screenshot of the website, May 29, 2024.

The U.S. Treasury Department has issued sanctions against three Thailand-based Chinese nationals for their alleged role in a cybercrime operation that took control of Americans’ computers to secure billions of dollars of COVID-19 relief funds.

Yunhe Wang, Jingping Liu, and Yanni Zheng ran the 911 S5 “botnet,” which took control of computers and “allowed cybercriminals to proxy their internet connections through these compromised computers” to make it appear as if the victims were carrying out the cybercrimes, according to a U.S. Treasury Department statement.

The botnet controlled some 19 million I.P. addresses, which executed “the submission of tens of thousands of fraudulent applications” under the 2020 Coronavirus Aid, Relief, and Economic Security Act, allegedly resulting in “billions of dollars” being wrongly disbursed.

Computers compromised by the botnet later made bomb threats “throughout” the United States in July 2022, the statement says.

Yunhe Wang, 35, allegedly led the scheme, while Jingping Liu, 58, is named as co-conspirator for laundering funds using cryptocurrency. 

Both are listed by the U.S. Treasury Department’s Office of Foreign Assets Control as living in the Reflection Jomtien Beach condo building in Chonburi province’s Pattaya City. A real estate listing describes it as the “epitome of luxury living on the serene shores of Pattaya.”

Yanni Zheng, 50, meanwhile, allegedly ran Yunhe Wang’s main company, Spicy Code Company Limited, and purchased real estate on his behalf, including luxury beachfront properties in Thailand. She is listed as living south of Pattaya, in neighboring Sattahip district.

All three also gained citizenship of the Caribbean nation of Saint Kitts and Nevis in May 2022, according to the Treasury Department.

In addition to the three individuals, the Treasury Department also issued sanctions against Spicy Code Company Limited and two other companies with alleged ties to Yunhe Wang: Tulip Biz Pattaya Group Company Limited and Lily Suites Company Limited.

Under the sanctions, American citizens, residents and companies are prohibited from doing business with the individuals and companies targeted, including providing banking or other services.

The sanctions were the result of a joint investigation between the U.S. Commerce Department, the FBI and local authorities in both Thailand and Singapore, the Treasury Department statement said.

Wong-akuea Boonson, a spokesperson for Thailand’s Ministry of Digital Economy and Society, declined to comment on the case.

“We have not received any reports regarding this matter,” Boonson told BenarNews, an affiliate of Radio Free Asia. “However, our ongoing policy is to manage and monitor online crimes, with a primary focus on educating the Thai population about cyber safety.”

Kunnawut Boonreak contributed reporting for BenarNews.

Edited by Malcolm Foster.


Add your comment by filling out the form below in plain text. Comments are approved by a moderator and can be edited in accordance with RFAs Terms of Use. Comments will not appear in real time. RFA is not responsible for the content of the postings. Please, be respectful of others' point of view and stick to the facts.