Cyber security firm Sichuan Silence Information Technology Company and one employee targeted over massive 2020 firewall compromise.
The United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) has announced sweeping sanctions against a Chinese cyber security firm and one of its employees following a widespread campaign targeting tens of thousands of businesses worldwide.
Sichuan Silence Information Technology Company and Guan Tianfeng, both based in the People’s Republic of China, were designated for their roles in a 2020 cyber campaign that deployed malware to more than 80,000 firewalls across the globe.
Over 23,000 of the compromised firewalls were in the US, and 36 of them protected critical infrastructure entities during the attack window of April 22 to 25. According to the Treasury Department, the campaign’s potential for disruption was catastrophic: one energy company was involved in oil rig drilling operations at the time of the attack, which could have led to “a significant loss in human life”.
The malware was designed to steal data and user credentials; Guan Tianfeng also deployed the Ragnarok ransomware variant on victims’ networks. The Department of Justice has separately indicted Guan Tianfeng for his role in the campaign.
“Today’s action underscores our commitment to exposing these malicious cyber activities – many of which pose significant risk to our communities and our citizens – and to holding the actors behind them accountable for their schemes,” Bradley T. Smith, acting Undersecretary of the Treasury for Terrorism and Financial Intelligence, said in a statement.
“Treasury, as part of the US government’s coordinated approach to addressing cyber threats, will continue to leverage our tools to disrupt attempts by malicious cyber actors to undermine our critical infrastructure.”
Sichuan Silence is based in Chengdu province and is known to work with PRC intelligence services, while Guan Tianfeng has regularly competed in cyber security tournaments and has been observed actively sharing exploits on hacking forums under the pseudonym GbigMao.
Under the sanctions, all US-based assets of Sichuan Silence and Guan Tianfeng must be reported to OFAC, and all transactions with the designated parties are henceforth prohibited.
Cyber security firm Sophos was involved in the investigation into the firewall campaign, since the targeted firewalls were its own products.
“Throughout our five-year offensive operation against interlinked, Chinese nation-state adversaries – an operation we’ve named Pacific Rim – we successfully gathered critical intelligence about their activities,” Ross McKerchar, Sophos’ CISO, said.
“Notably, we were able to link much of the attackers’ exploit research and development to the Sichuan region of China, specifically, the Sichuan Silence Information Technology’s Double Helix Research Institute. In addition, after neutralising a wave of attacks we named Asnarok, we uncovered links between the attacks and a person who went by the moniker GBigMao.
“Today, we are pleased that the Department of Justice has unsealed its indictment of GbigMao, aka Guan Tianfeng, and the Treasury has sanctioned Sichuan Silence. This is a positive step towards disrupting these attackers’ operations.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.