The United States Treasury Department has sanctioned Sichuan Silence Information Technology Co. Ltd. and one of its researchers, Guan Tianfeng, over their role in a large-scale 2020 cyberattack that exploited a vulnerability in firewalls used by thousands of companies worldwide.
2020 Cyberattack
The attack, which affected over 81,000 firewall devices, including 23,000 in the U.S., has raised alarm over the potential consequences, including threats to critical infrastructure and human life.
The sanctions come in response to an attack in which Guan Tianfeng, an employee of the Chengdu-based cybersecurity firm, deployed malicious software designed to steal sensitive data and encrypt victims' systems. The malware, which targeted firewalls sold by the U.K.-based cybersecurity firm Sophos, exploited a previously unknown “0-day” vulnerability in April 2020.
According to the U.S. Treasury Department, the malware compromised 36 firewalls used by critical infrastructure companies in the U.S., including an energy company involved in active drilling operations. Had the attack not been detected and mitigated in time, the consequences could have been severe, including significant human casualties.
In addition to the sanctions, which freeze the assets of Sichuan Silence and Guan Tianfeng in the U.S. and prohibit U.S. entities from doing business with them, the U.S. Department of Justice also unsealed an indictment charging Guan with conspiracy, computer fraud, and identity theft.
The U.S. Department of State has offered a reward of up to $10 million for information leading to Guan’s arrest or the identification of other individuals involved in the cyberattack.
Sichuan Silence
Sichuan Silence is known for providing computer network exploitation and other cybersecurity services to Chinese government agencies, including intelligence services, raising concerns over its potential involvement in espionage activities.
The company has previously been accused of involvement in malicious digital activity. In 2021, Meta Platforms alleged that the firm was connected to an online influence campaign that promoted claims attributed to a fake biologist, who said the U.S. was meddling with the investigation into the origins of COVID-19.
Broader Pattern Of Cyberattacks
This latest action comes amidst growing tensions between the U.S. and China over cyber espionage. In recent weeks, U.S. officials have accused Chinese hackers of stealing metadata from multiple telecom companies in the U.S. and other countries.
These incidents are part of a broader pattern of cyberattacks attributed to China-linked hacking groups, including Salt Typhoon in November and Flax Typhoon in September, which have targeted telecommunications and government entities.
The Chinese government has consistently denied any involvement in cyberattacks or cyber espionage, dismissing such allegations as unsubstantiated.
As the investigation continues, U.S. officials are urging anyone with information related to the attack to come forward, as efforts to track down Guan and his co-conspirators remain ongoing.