U.S. sanctions, charges Chinese hacker for infecting firewalls

The U.S. has sanctioned a Chinese cybersecurity company and charged one of its employees with developing and distributing malware used to infect thousands of firewalls worldwide.
Why it matters: Many of the victims were U.S. critical infrastructure companies, officials said.
Zoom in: The Treasury Department sanctioned Sichuan Silence Information Technology Company — a cybersecurity government contractor whose main clients are intelligence agencies — and one of its employees, Guan Tianfeng, for their roles in the April 2020 attack.
- The Justice Department also charged Guan for the same activity.
- According to the indictment, Guan, a security researcher at Sichuan Silence, and his unidentified co-conspirators found a critical "zero-day" vulnerability in Sophos' firewall products.
- Guan and his team then wrote malware that exploited the flaw, infecting roughly 81,000 firewall devices around the world over a three-day period. The malware was also designed to encrypt a victim's files if the victim attempted to remove the infection.
- More than 23,000 of the infected firewall devices were in the United States, according to the Treasury Department.
Catch up quick: In October, Sophos released a report detailing a years-long, China-backed campaign that targeted and infected its edge devices, including firewalls.
- The attacks detailed in Tuesday's indictment are linked to this investigation, the company said.
- "We can't expect these groups to slow down, if we don't put the time and effort into out-innovating them, and this includes early transparency about vulnerabilities and a commitment to develop stronger software," Sophos CISO Ross McKerchar said in an emailed statement.
The big picture: China has launched a full-on digital assault against the United States.
- For over a year, government officials have been warning about the years-long Volt Typhoon campaign, in which China-backed hackers have been pre-positioning inside U.S. critical infrastructure networks so they can launch destructive attacks at a time of their choosing.
- In the last week, officials have started publicly warning about the Salt Typhoon attack, where China has been collecting phone records about a large number of Americans. U.S. telcos have been trying to toss the hackers out of their networks for at least six months.
Yes, but: The United States hasn't responded much to these attacks. Sanctions and indictments often don't deter hackers.
- Guan can only be arrested if he leaves China for a country that has an extradition treaty with the United States.
