- The US Treasury Dept. is bringing sanctions against a Chinese cybersecurity firm and one of its employees
- The Government believes the employee is singlehandedly responsible for over 80,000 Sophos firewall breaches
- Many of the targets were part of US critical infrastructure
Chinese cybersecurity firm Sichuan Silence has been sanctioned by the US Treasury Department’s Office of Foreign Assets Control (OFAC) for its role in a string of Ragnarok ransomware attacks in April of 2020, in which tens of thousands of firewalls were compromised across the globe.
Also sanctioned was an employee of the firm, Guan Tianfeng, who is allegedly single-handedly responsible for exploiting 81,000 Sophos firewalls. Guan discovered a zero-day vulnerability in the Sophos firewall and used it to compromise businesses and steal information such as passwords.
Once the information was obtained, Guan would often disable the victims’ anti-virus software and encrypt the device with a Ragnarok ransomware variant.
23,000 successful compromises
The wide-reaching cyber espionage campaign compromised over 23,000 firewalls in the US alone, with 36 critical infrastructure targets – including an energy company. Obviously an impressive cybercriminal, Guan (also known as GbigMao) competed in cybersecurity tournaments on behalf of Sichuan Silence.
The Justice Department has offered a $10 million reward for any information that could lead to the location of the attacker. The ‘malicious cyber activities’ against infrastructure are violations of the Computer Fraud and Abuse Act.
“The defendant and his conspirators compromised tens of thousands of firewalls and then continued to hold at risk these devices, which protect computers in the United States and around the world,” said Assistant Attorney General for National Security Matthew G. Olsen.
The sanctions include the seizure of any US property or assets belonging to the firm or to Guan, and the blocking of any entity that is more than 50% owned by Sichuan Silence, unless authorized by OFAC.
The US government recently announced that mitigating Chinese cyberattacks is a top priority for US security forces, citing serious national security concerns.
The cybersecurity firm is said to have served as a third-party contractor for the Chinese government’s intelligence agency, offering tools and skills. From now on, US organizations and citizens are prohibited from engaging in any financial transactions with the firm.
Via BleepingComputer