The U.S. Department of Justice has unsealed an indictment against Chinese national Guan Tianfeng for orchestrating a massive cyber attack that compromised approximately 81,000 firewall devices worldwide in 2020.
Guan, 30, faces charges of conspiracy to commit computer fraud and wire fraud for exploiting vulnerabilities in firewalls manufactured by U.K.-based cybersecurity company Sophos. The breach affected multiple organizations, including a U.S. government agency.
Working from Sichuan Silence Information Technology Co. Ltd., a company with ties to China's Ministry of Public Security, Guan and his co-conspirators developed malware targeting a previously unknown flaw in Sophos firewalls. The group attempted to disguise their activities by registering domains that mimicked legitimate Sophos websites.
When Sophos detected and patched the vulnerability within two days, the hackers modified their malware to deploy ransomware if victims tried to remove the infection. While the ransomware encryption attempt failed, investigators noted the attackers showed complete disregard for potential harm to victims.
The U.S. government has responded with multiple actions:
- The Department of Justice issued an arrest warrant for Guan
- The State Department offered a $10 million reward for information about Guan or Sichuan Silence
- The Treasury Department imposed sanctions on both Guan and his employer
Known online as "GbigMao," Guan participated in Chinese cybersecurity competitions and discussed zero-day exploits in online forums. His employer, Sichuan Silence, provides services including network exploitation, email monitoring, and password cracking to Chinese government clients.
The Chinese embassy in the U.S. dismissed concerns about the company's activities as "malicious speculation," stating that strengthening technical exchanges and innovation is normal practice.