TechRadar
Ellen Jennings-Trace

Chinese cybersecurity firm facing US sanctions over alleged ransomware attacks


  • The US Treasury Dept. is bringing sanctions against a Chinese cybersecurity firm and one of its employees
  • The government believes the employee is single-handedly responsible for over 80,000 Sophos firewall breaches
  • Many of the targets were part of US critical infrastructure

Chinese cybersecurity firm Sichuan Silence has been sanctioned by the US Treasury Department’s Office of Foreign Assets Control (OFAC) for its role in a string of Ragnarok ransomware attacks in April of 2020, in which tens of thousands of firewalls were compromised across the globe.

Also sanctioned was an employee of the firm, Guan Tianfeng, who is allegedly single-handedly responsible for exploiting 81,000 Sophos firewalls. Guan discovered a zero-day exploit in the Sophos firewall and used it to compromise businesses and steal information such as passwords.

Once the information was obtained, Guan would often disable the victim’s anti-virus software and encrypt the device with a Ragnarok ransomware variant, which infected the victim’s device.

23,000 successful compromises

The wide-reaching cyber espionage campaign compromised over 23,000 firewalls in the US alone, with 36 critical infrastructure targets, including an energy company. Obviously an impressive cybercriminal, Guan (also known as GbigMao) also competed in cybersecurity tournaments on behalf of Sichuan Silence.

The Justice Department has offered a $10 million reward for any information that could lead to the location of the attacker. The ‘malicious cyber activities’ against infrastructure are violations of the Computer Fraud and Abuse Act.

“The defendant and his conspirators compromised tens of thousands of firewalls and then continued to hold at risk these devices, which protect computers in the United States and around the world,” said Assistant Attorney General for National Security Matthew G. Olsen.

The sanctions include the seizure of any US property or assets belonging to the firm or to Guan, and the blocking of any entities that are more than 50% owned by Sichuan Silence, unless authorized by OFAC.

The US government recently announced that mitigating Chinese cyberattacks is a top priority for US security forces, citing serious national security concerns.

The cybersecurity firm is said to have served as a third-party contractor for the Chinese government’s intelligence agency, offering tools and skills. From now on, US organizations and citizens are prohibited from engaging in any financial transactions with the firm.

Via BleepingComputer
