The United States has offered a $10 million reward for information leading to the arrest of Guan Tianfeng, a Chinese national wanted for his role in a major hacking operation targeting computer firewalls. The 30-year-old is believed to be residing in China’s Sichuan Province, according to the U.S. State Department.
On Tuesday, an indictment was unsealed, charging Guan with conspiracy to commit computer fraud and wire fraud. The U.S. Treasury Department also announced sanctions against the company Guan worked for, Sichuan Silence Information Technology Co Ltd.
Guan and his associates at Sichuan Silence are accused of exploiting a vulnerability in firewalls sold by UK-based cybersecurity firm Sophos Ltd. The indictment alleges that the group infected tens of thousands of network security devices with malware designed to steal sensitive information from victims worldwide.
“The defendant and his co-conspirators exploited a vulnerability in tens of thousands of network security devices, infecting them with malware to steal data from victims globally,” said Deputy Attorney General Lisa Monaco in a statement.
In April 2020, an attack on approximately 81,000 firewall devices worldwide was launched, targeting data such as usernames and passwords, and attempting to deploy ransomware. Of the affected devices, more than 23,000 were in the United States, including 36 that protected critical infrastructure systems, the Treasury Department noted.
“The zero-day vulnerability exploited by Guan and his co-conspirators affected firewalls owned by businesses across the U.S.,” said FBI agent Herbert Stapleton. “Had Sophos not rapidly identified the vulnerability and deployed a comprehensive response, the damage could have been far more severe.”
The indictment further alleges that Sichuan Silence sold the stolen data to Chinese businesses and government entities, including the Ministry of Public Security.
When contacted by AFP, a man who answered a phone listed for Sichuan Silence declined to comment on the sanctions and stated that the company “did not accept interviews.” The individual also claimed Guan was “uncontactable.”
AFP
