Chinese State Hacker Charged in Massive Breach of 81,000 Sophos Firewalls

U.S. authorities have unsealed charges against Chinese national Guan Tianfeng for orchestrating a large-scale cyber attack targeting Sophos firewall devices in 2020. Guan, an employee of Sichuan Silence Information Technology Company, faces charges of computer fraud and wire fraud conspiracy.

The attack exploited a critical zero-day vulnerability (CVE-2020-12271) affecting approximately 81,000 firewalls globally, with 23,000 in the United States alone. The breach impacted 36 U.S. critical infrastructure companies, potentially threatening public safety.

Key Developments:
– Guan developed and tested the exploit for the vulnerability, using domains mimicking Sophos to conceal the attack
– Attackers deployed the Asnarök trojan to steal sensitive data and credentials
– When detected, the group attempted to deploy Ragnarok ransomware
– A similar attack pattern emerged in 2022 with new vulnerabilities (CVE-2022-1040 and CVE-2022-1292)

U.S. Response:
– Treasury Department sanctioned both Sichuan Silence and Guan
– State Department offered $10 million reward for information
– FBI launched an investigation into the breach

Sichuan Silence, based in Chengdu, has been identified as a cybersecurity contractor for Chinese intelligence agencies, providing services including network exploitation and public sentiment suppression. The company was previously linked to COVID-19 disinformation campaigns on social media platforms.

Sophos CISO Ross McKerchar emphasized the growing threat of Chinese state-sponsored cyber attacks and called for increased industry collaboration and transparency in addressing vulnerabilities.
