U.S. charges Chinese hacker for Sophos firewall breach

The U.S. government has unsealed charges against Guan Tianfeng, a Chinese national, for allegedly breaking into 81,000 Sophos firewall devices globally in 2020. Guan, who worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and wire fraud. According to the FBI, Guan developed and tested a zero-day security vulnerability used to conduct the attacks.

The exploit was used to infiltrate approximately 81,000 firewalls, with more than 23,000 of them located in the United States. Of these firewalls, 36 were protecting U.S. critical infrastructure companies’ systems. Sophos revealed that it had received a bug bounty report about the flaw in April 2020 from researchers associated with Sichuan Silence’s Double Helix Research Institute.

One day after the report, the vulnerability was exploited in real-world attacks using the Asnarök trojan, which stole usernames and passwords.

U.S. charges Chinese hacker

The U.S. Department of Justice stated that Guan and his co-conspirators designed the malware to steal information from firewalls.

They also registered and used domains designed to look like they were controlled by Sophos to better hide their activity. Concurrent with the indictment, the U.S. Treasury Department’s Office of Foreign Assets Control has imposed sanctions against Sichuan Silence and Guan. Sichuan Silence has been assessed to be a cybersecurity government contractor providing services to Chinese intelligence agencies.

The Department of State has offered rewards of up to $10 million for information about Sichuan Silence, Guan, or other individuals participating in cyberattacks against U.S. critical infrastructure entities under the direction of a foreign government. Ross McKerchar, chief information security officer at Sophos, said in a statement, “The scale and persistence of Chinese nation-state adversaries poses a significant threat to critical infrastructure, as well as unsuspecting, everyday businesses. Their relentless determination redefines what it means to be an Advanced Persistent Threat; disrupting this shift demands individual and collective action across the industry, including with law enforcement.”
