US Sanctions Chinese Firm for Firewall Hacks Linked to Ransomware

Sichuan Silence and its employee Guan Tianfeng, both based in China, were sanctioned by the US Treasury for their involvement in the April 2020 hack of tens of thousands of global firewalls, including those of critical US infrastructure.

Chinese cyber actors pose a significant and ongoing threat to U.S. national security, actively exploiting vulnerabilities to compromise critical infrastructure and steal sensitive information.

The U.S. Treasury Department has taken action to disrupt malicious cyber activities that threaten critical infrastructure and citizens, and said it will continue to use its tools to hold cybercriminals accountable and protect national security.

The U.S. Department of Justice indicted Guan for hacking activities, while the State Department offered a $10 million reward for information on Guan or the Sichuan Silence hacking group.

Guan Tianfeng exploited a zero-day vulnerability in firewall software to compromise 81,000 devices globally between April 22 and 25, 2020. The attacker aimed to steal sensitive data and deploy the Ragnarok ransomware to further disrupt victim networks.

More than 23,000 of those firewalls, including 36 protecting critical U.S. infrastructure, were hit by Ragnarok ransomware. Had systems remained unpatched or intrusions gone undetected, the consequences could have been severe, including loss of life in U.S. energy operations.

Guan is a Chinese security researcher employed by Sichuan Silence; he exploited a zero-day vulnerability to compromise firewalls in April 2020 and was known for participating in cybersecurity tournaments and sharing exploits online under the alias GbigMao.

Sichuan Silence, a Chinese government contractor, provides cyberespionage tools and services to PRC intelligence agencies, including network intrusion, email surveillance, password cracking, and sentiment manipulation. The company's equipment was used in the April 2020 firewall breach.

OFAC has sanctioned Sichuan Silence and Guan for cyberattacks originating outside the US that pose a significant threat to US national security, foreign policy, economic health, and financial stability and specifically target critical infrastructure.

OFAC has blocked all U.S.-based property and interests belonging to the designated persons and to entities they own 50% or more, and U.S. persons are prohibited from engaging in transactions involving such property without specific authorization.

According to the U.S. Treasury Department, financial institutions and individuals that engage in transactions or activities with sanctioned entities or individuals, including providing or receiving funds, goods, or services to or from designated persons, risk sanctions or enforcement actions themselves.

Kaaviya (https://cyberpress.org/)
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She covers various cyber security incidents happening in cyberspace.