The U.S. State Department is offering a reward of up to $10 million for information on Guan Tianfeng, 30, who is believed to reside in Sichuan Province, China. Photo courtesy of FBI/Release
Dec. 10 (UPI) — The United States on Tuesday took action against cybersecurity company Sichuan Silence Information Technology Co. and employee Guan Tianfeng for their role in a 2020 breach that compromised firewalls worldwide.
Biden administration officials said U.S. companies felt the brunt of the firewall compromise, with thousands of businesses worldwide being affected. Critical infrastructure companies were included in the compromise, the department said.
Guan, 30, used a “zero-day exploit,” an attack that takes advantage of a previously unknown vulnerability in software or hardware, to deploy malware in 81,000 firewalls, including 23,000 in the United States, used by businesses globally.
The malware was intended to steal data, including usernames and passwords of victims. After the hack was uncovered, the malware was modified to deploy encryption software from a ransomware variant if the victims attempted to remove the malicious program.
In response, the United States government announced related sanctions, indictments and rewards for information about the conspiracy.
“Today’s multi-agency effort reflects our whole-of-government approach to protecting and defending against PRC cyber threats to Americans and our critical systems,” U.S. State Department spokesman Matthew Miller said in a statement.
Specifically, the U.S. Treasury announced sanctions against Sichuan Silence and Guan, while the Justice Department unsealed an indictment charging Guan for his role in the international hacking conspiracy.
Federal prosecutors said Guan worked as a security researcher for Sichuan Silence, a China-based government contractor whose clients are mostly Chinese intelligence services, and which provides services for targeting network routers.
He is believed to have deployed the zero-day exploit between April 22 and 25, 2020.
According to the indictment, Guan and his co-conspirators attempted to disguise this activity by using domains designed to appear under the control of British cybersecurity firm Sophos, which had uncovered the attack.
The indictment details Sichuan Silence’s connections to the People’s Republic of China, stating it has provided services to Beijing’s Ministry of Public Security, among other state-run entities.
It pointed to a report produced in late October by British cybersecurity firm Sophos that described those responsible for the hack as “well-resourced, patient, creative and unusually knowledgeable.”
Guan, who is listed among the FBI’s most wanted for cyber crimes, remains at large and is believed to reside in Sichuan Province and may have ties to Bangkok, Thailand.
A reward of up to $10 million is being offered by the State Department for information that leads to his identification or location.
“Guan’s deployment of malware to U.S. critical infrastructure companies in April 2020 put American lives at risk.”
China remains one of the most consistent cyber threats to the United States and others online.