DOJ charges Chinese national with operating 'world's largest botnet' that stole $5.9 billion in Covid relief funds
A global malware network responsible for the theft of $5.9 billion in Covid relief funds and tied to other crimes like child exploitation and bomb threats has been shut down, Department of Justice officials announced Wednesday.
The DOJ arrested 35-year-old YunHe Wang, a Chinese national who was charged with creating the "botnet," a network of hacked devices connected by malware, which criminals can then use remotely to launch cyberattacks.
Federal Bureau of Investigation Director Christopher Wray said it is "likely the world's largest botnet ever."
From 2014 to 2022, Wang launched and operated the botnet, called "911 S5," from roughly 150 servers worldwide, including some in the U.S., according to the indictment. The botnet hacked into over 19 million IP addresses in nearly 200 countries, the DOJ announcement said. About 614,000 IP addresses were in the U.S., according to the indictment.
The FBI released a how-to guide for users to identify if their devices had been targets of a 911 S5 attack and if so, how to remove the malware.
Wang allegedly sold access to the compromised IP addresses to cybercriminals and amassed at least $99 million, which he used to buy luxury cars, watches and property around the world, the DOJ announcement said.
911 S5 was also used for fraud, stalking, harassment, illegal exportation of goods and other crimes, the DOJ said. In particular, the botnet targeted Covid relief programs and filed an estimated 560,000 false unemployment insurance claims, stealing $5.9 billion.
"The conduct alleged here reads like it's ripped from a screenplay," said Assistant Secretary for Export Enforcement Matthew S. Axelrod of the U.S. Department of Commerce's Bureau of Industry and Security.
"What they don't