![Chinese Cyber Firm Hit with US Sanctions Over Devastating Ransomware Campaign](https://mlkmisyfyt7n.i.optimole.com/cb:QnOd.1c245/w:auto/h:auto/q:mauto/ig:avif/https://clickcontrol.com/wp-content/uploads/2024/12/article_203_1733852137.jpg)
The U.S. Treasury Department has imposed sanctions on Sichuan Silence, a Chinese cybersecurity company, and its employee Guan Tianfeng for orchestrating widespread Ragnarok ransomware attacks in April 2020. The Chengdu-based government contractor, known for providing services to Chinese intelligence agencies, was involved in targeting critical U.S. infrastructure and global organizations.
The Attack Campaign
– Guan Tianfeng discovered and exploited a zero-day vulnerability in Sophos XG firewalls
– Approximately 81,000 firewalls were compromised worldwide
– 23,000 affected devices were in the United States
– 36 U.S. critical infrastructure companies were targeted
– A U.S. energy company’s drilling operations were among the victims
Technical Details
– Attackers exploited a SQL injection vulnerability
– Deployed the Asnarök Trojan
– Implemented a “dead man switch” that triggered Ragnarok ransomware
– Data targeted for theft included usernames and passwords
U.S. Government Response
– Department of Justice unsealed indictment against Guan
– State Department offered $10 million reward for information
– OFAC prohibited U.S. transactions with Sichuan Silence and Guan
– Assets frozen and penalties imposed for related financial transactions
Additional Context
In 2021, Meta dismantled Sichuan Silence’s social media network, which included:
– 524 Facebook accounts
– 86 Instagram accounts
These accounts were used for COVID-19 disinformation targeting audiences in the U.S., UK, Taiwan, Hong Kong, and Tibet.