Chinese Firm Sanctioned For Potentially Lethal Cyber Attacks

A Chinese cyber security firm and one of its researchers have been sanctioned by the US over a cyber attack that tried to exploit a software vulnerability in company firewalls and that could potentially have killed people by causing systems to malfunction, the US Treasury Department has said.

A federal court in Indiana has unsealed an indictment charging Guan Tianfeng, a citizen of the People’s Republic of China (PRC), for his involvement in a conspiracy to carry out a wide-ranging hacking campaign that penetrated firewall devices worldwide in 2020.

Guan and his co-conspirators worked at the offices of Sichuan Silence Information Technology Company with the aim of discovering and exploiting a previously unknown zero-day vulnerability in certain firewall products sold by the leading UK cyber security firm Sophos.

An employee of Sichuan Silence Information Technology Company, Guan Tianfeng, deployed malicious software to more than 80,000 firewalls run by thousands of companies worldwide in April 2020, including 23,000 in the US.

Sichuan Silence is a cyber security government contractor located in the city of Chengdu in central China whose main clients are Chinese government intelligence services, the Treasury Department said. “Sichuan Silence provides these clients with computer network exploitation, email monitoring, brute-force password cracking, and public sentiment suppression products and services.”

The sanctions follow a series of alleged Chinese cyber espionage activities in the US, in which government agencies have accused hackers from China of stealing the metadata of a large number of Americans in a wide-ranging campaign that has targeted at least eight US telecom firms, as well as dozens of other countries, carried out by a nation-state hacking group known as Salt Typhoon.

  • In September, the FBI also said it had uncovered another far-reaching Chinese hacking campaign that it has named Flax Typhoon.
  • In November, US government authorities said they had found hacks carried out by Salt Typhoon that targeted multiple telecommunications companies, aiming to steal information from Americans working in government and politics.

In the latest case involving Sichuan Silence, the malware was allegedly designed to steal data, including usernames and passwords, and to deploy ransomware that uses encryption to block access to victims’ computer networks when companies try to remediate the attack.

Of the 23,000 firewalls in the US, 36 were protecting the systems of critical infrastructure companies, the Treasury Department said. If any of the targets had failed to sufficiently protect their systems or quickly detect the ransomware attack, the potential impact “could have resulted in serious injury or the loss of human life”. One of the victims was a US energy company that was actively involved in drilling operations at the time of the incident, potentially causing oil rigs to malfunction and “causing a significant loss in human life”.

The sanctions effectively block any assets of Sichuan Silence and Guan in the US, and usually ban US banks, companies or individuals from doing business with them.

Sichuan Silence has previously been accused of involvement in cyber attacks. In 2021, Meta Platforms, the parent company of Facebook and Instagram, alleged that the firm was linked to an online disinformation network spreading the claims of a fake Swiss biologist who alleged the US was meddling in efforts to find the origins of COVID.

The sanctions on Guan and Sichuan Silence are part of a larger government effort to address widespread concerns about China’s infiltration of widely used edge computing devices, including firewalls, VPN services and routers.

The US Department of Justice has recently published an indictment against Guan for his role in the cyber attack, and the US Department of State is offering a $10m reward for information about Sichuan Silence or Guan.

US Dept. of Justice | US State Dept. | US Treasury Dept | Reuters | AlJazeera | Times of India | The Record

Image: Andbreit

