US sanctions Chinese cybersecurity firm for firewall hacks targeting critical infrastructure

The U.S. sanctioned a Chinese cybersecurity company and one of its employees for exploiting a zero-day vulnerability in Sophos firewalls to target U.S. organizations.

On Tuesday, the U.S. Treasury Department said Guan Tianfeng, an employee of Sichuan Silence, used the vulnerability to compromise approximately 81,000 firewalls in April 2020. The hacking campaign, detailed by Sophos in November, led to the compromise of more than 23,000 firewalls in the U.S., dozens of which were used at a government agency and critical infrastructure companies.

One of these was an energy company involved in drilling operations. The Treasury noted that the incident could have caused “significant loss in human life” if the attack had been successful. 

“The purpose of the exploit was to use the compromised firewalls to steal data,” the Treasury said. “However, Guan also attempted to infect the victims’ systems with the Ragnarok ransomware variant.”
