A Chinese citizen, Guan Tianfeng, has been charged in a federal court in Hammond, Indiana, for his role in a conspiracy to hack into firewall devices worldwide in 2020. Guan, along with his co-conspirators who worked at Sichuan Silence Information Technology Co. Ltd., targeted a vulnerability in firewalls sold by Sophos Ltd., a UK-based cybersecurity company. The malware they deployed was intended to steal information from infected computers and encrypt files if a victim tried to remove the infection. Approximately 81,000 firewall devices worldwide were infected, including one used by a US agency.
Deputy Attorney General Lisa Monaco emphasized the seriousness of the attack and the Department of Justice’s commitment to holding malicious cyber actors accountable. Assistant Attorney General for National Security Matthew G. Olsen echoed this sentiment, highlighting the dangers of China-based companies carrying out indiscriminate hacks that undermine global cybersecurity. The FBI’s Cyber Division also emphasized the importance of law enforcement actions and partnerships with private companies in combating cyber threats.
US Attorney Clifford D. Johnson for the Northern District of Indiana expressed concern over the risk posed by the attackers to computer networks, including those in Indiana. Special Agent in Charge Herbert J. Stapleton of the FBI Indianapolis Field Office praised Sophos for its swift response in identifying and addressing the vulnerability, which helped mitigate the threat.
The indictment details how Guan and his co-conspirators developed malware targeting Sophos firewalls using a zero-day vulnerability, known as CVE 2020-12271. They registered domains that appeared to be controlled by Sophos in an attempt to hide their activity. Despite their unsuccessful encryption efforts, the attackers demonstrated a callous disregard for the potential harm caused to victims.
According to court documents, Guan worked for Sichuan Silence, a company that has provided services to the PRC Ministry of Public Security. Sophos’ investigation revealed advanced persistent threat groups linked to the PRC targeting their networking appliances for years, with one attack involving CVE-2020-12271. The FBI has called for information on PRC-sponsored malicious cyber activities targeting edge devices and network security appliances.
In response to the indictment, the US Department of State announced rewards of up to $10 million for information leading to the identification of Guan or others engaged in malicious cyber activities against US critical infrastructure. The US Department of the Treasury’s Office of Foreign Assets Control also imposed sanctions on Sichuan Silence and Guan.
Trial Attorneys from the National Security Division and the Assistant US Attorney for the Northern District of Indiana are prosecuting the case. The FBI continues to investigate Sichuan Silence’s hacking activities and intrusions into various edge devices.
Overall, the indictment highlights the ongoing threat posed by cybercriminals targeting critical infrastructure and the importance of international cooperation in combating such threats.
(Source: https://www.justice.gov/usao-ndin/pr/china-based-hacker-charged-conspiring-develop-and-deploy-malware-exploited-tens)