CyberSecurity SEE

U.S. charges Chinese hacker for breaching firewall

The charges unsealed by the U.S. government against Chinese national Guan Tianfeng have shed light on a global cyber threat that affected 81,000 firewall devices in 2020. Working at Sichuan Silence Information Technology Company, Limited, Guan has been accused of conspiracy to commit computer fraud and wire fraud. The FBI revealed that Guan was behind the development and testing of a zero-day security vulnerability that was exploited in the attacks.

This exploit targeted approximately 81,000 firewalls worldwide, with over 23,000 of them located in the United States. Alarmingly, 36 of these firewalls were vital for protecting critical infrastructure companies in the U.S. The initial report about the flaw came from researchers associated with Sichuan Silence’s Double Helix Research Institute who informed Sophos about it back in April 2020.

Just a day after Sophos received the bug bounty report, the vulnerability was being actively exploited in real-world attacks that delivered the Asnarök trojan, which stole usernames and passwords from affected systems.

The U.S. Department of Justice detailed in the indictment that Guan and his co-conspirators devised the malware to extract sensitive information from firewalls. To conceal their actions, they also registered and used domains designed to look as though they were controlled by legitimate entities. In response to these cyber threats, the U.S. Treasury Department’s Office of Foreign Assets Control imposed sanctions on both Sichuan Silence and Guan. Sichuan Silence, known as a government contractor in the cybersecurity sector, has been identified as providing services to Chinese intelligence agencies.

Moreover, the Department of State has put forth rewards of up to $10 million for any information regarding Sichuan Silence, Guan, or other individuals involved in cyberattacks against U.S. critical infrastructure under a foreign government’s direction. Ross McKerchar, chief information security officer at Sophos, warned about the seriousness of the situation, stating, “The scale and persistence of Chinese nation-state adversaries pose a significant threat to critical infrastructure, as well as unsuspecting, everyday businesses. Their relentless determination redefines what it means to be an Advanced Persistent Threat; disrupting this shift demands individual and collective action across the industry, including with law enforcement.”

The allegations and actions taken against Guan Tianfeng and Sichuan Silence highlight the growing concern over cyber threats originating from foreign actors targeting critical infrastructure systems. As the investigation progresses, it is crucial for both the public and private sectors to remain vigilant and take necessary measures to enhance cybersecurity and protect against such malicious activities.
