The United States Names One of the Hackers Allegedly Behind the Massive Salt Typhoon Breaches

As the Biden administration comes to an end, the White House released a 40-page executive order Thursday aimed at bolstering federal cybersecurity protections and putting guardrails on the US government’s use of AI. WIRED also spoke with the outgoing US ambassador for cyberspace and digital policy, Nathaniel Fick, about the urgency that the Trump administration not bow to Russia and China in the global race for technical dominance. Outgoing FCC chair Jessica Rosenworcel told WIRED about the threats facing US telecommunications companies, at least nine of which were recently breached by Salt Typhoon hackers in China. Meanwhile, US officials are still struggling to get a handle on multiple spying campaigns and other data breaches, with new revelations this week that an AT&T breach disclosed last summer compromised FBI call and text logs that could reveal the identity of anonymous sources.

Huione Guarantee, the massive online marketplace that researchers say provides a range of services to online scammers, is expanding its offerings to include a messaging app, stablecoin, and crypto exchange, and has facilitated a whopping $24 billion in transactions, according to new research. New findings indicate that GitHub’s efforts to curb the use of deepfake pornographic software have failed. And WIRED took a deep dive into the opaque world of predictive travel monitoring and the companies and governments pumping data about international travelers into AI tools aimed at detecting people who could be a “threat.”

But wait, there’s more! Every week, we round up security and privacy news that we haven’t covered in depth. Click the headlines to read the full stories. And stay safe out there.

Chinese spies, US spies, all spies. Mutual espionage is a geopolitical game played by almost every nation in the world. So when the US government singles out a single hacker for espionage-focused intrusions, naming him and targeting him with sanctions, he must have spied aggressively—or effectively—enough to have pissed off a lot of powerful people.

On Friday, the US Treasury imposed sanctions on Yin Kecheng, a 39-year-old Chinese man accused of being involved in both the breach of nine US telecommunications companies carried out by the Chinese hacking group known as Salt Typhoon and another recent breach of the US Treasury. In a statement on the news, the Treasury says Yin is affiliated with China’s Ministry of State Security and has been a “cyber actor” for more than a decade. It also imposed sanctions on Sichuan Juxinhe Network Technology, a company the Treasury says is also associated with Salt Typhoon.

The Salt Typhoon breach of US telecommunications gave Chinese hackers huge access to real-time texts and phone calls of Americans, and was used to spy on President-elect Donald Trump and Vice President-elect JD Vance, among other targets. FBI Director Christopher Wray has called the telecom breach China’s “most significant cyberespionage campaign in history.”

As the Treasury responds to China’s spying operations, it is also working to determine the purpose of the intrusion that some of those same hackers carried out in its network. An internal Treasury report obtained by Bloomberg found that hackers penetrated at least 400 of the agency’s PCs and stole more than 3,000 files in a recent breach. The espionage-focused intrusion appears to have gone after information related to sanctions and law enforcement, the report found, as well as other intelligence materials. Despite that broad access, the intruders did not gain access to Treasury emails or classified parts of its network, the report states, nor did they leave malware that would suggest an attempt to maintain long-term access.

The Department of Justice revealed this week that the FBI conducted an operation to remove a malware specimen known as PlugX from 4,200 computers worldwide. The malware, which was typically transmitted to computers via infected USB drives, has persisted for at least a decade and has at times been used by Chinese state hacking groups to target Chinese dissidents. In July last year, the cybersecurity firm Sekoia and French law enforcement took over the command and control server behind the malware. This week, the FBI obtained a court order that allowed the bureau to send a self-destruct command to software on infected machines.

Following news earlier this week of a December cyberattack that breached US education technology platform PowerSchool, school districts targeted by the breach told TechCrunch on Thursday that the attackers had access to “all” student and teacher data stored in their accounts. PowerSchool is used by more than 60 million K-12 students in the United States. The hackers gained access to the information by stealing login credentials that gave them access to the company’s customer support portal. The attack has not yet been publicly linked to a specific perpetrator. PowerSchool has not yet disclosed the exact number of schools affected or whether all of its customers have been affected.

2025-01-18 14:30:00
