Chinese Cyber Firm Hit with US Sanctions Over Devastating Ransomware Campaign


Chinese Cybersecurity Firm Sanctioned for Major Ransomware Campaign

The U.S. Treasury Department has imposed sanctions on Sichuan Silence, a Chinese cybersecurity company, and its employee Guan Tianfeng for orchestrating widespread Ragnarok ransomware attacks in April 2020. The Chengdu-based government contractor, known for providing services to Chinese intelligence agencies, was involved in targeting critical U.S. infrastructure and global organizations.

The Attack Campaign
– Guan Tianfeng discovered and exploited a zero-day vulnerability in Sophos XG firewalls
– Approximately 81,000 firewalls were compromised worldwide
– 23,000 affected devices were in the United States
– 36 U.S. critical infrastructure companies were targeted
– A U.S. energy company’s drilling operations were among the victims

Technical Details
– Attackers exploited a SQL injection vulnerability
– Deployed Asnarök Trojan malware
– Implemented a “dead man switch” triggering Ragnarok ransomware
– Targeted data theft included usernames and passwords

U.S. Government Response
– Department of Justice unsealed an indictment against Guan
– State Department offered a $10 million reward for information
– OFAC prohibited U.S. transactions with Sichuan Silence and Guan
– Assets frozen and penalties imposed for related financial transactions

Additional Context
In 2021, Meta dismantled Sichuan Silence’s social media network, which included:
– 524 Facebook accounts
– 86 Instagram accounts
These accounts were used for COVID-19 disinformation targeting audiences in the U.S., UK, Taiwan, Hong Kong, and Tibet.
