Chinese Firm Sanctioned For Potentially Lethal Cyber Attacks

A Chinese cyber security firm and one of its researchers have been sanctioned by the US for a cyber attack that tried to exploit a software vulnerability in company firewalls and could potentially have killed people through system malfunctions, the US Treasury Department has said.

A federal court in Indiana has unsealed an indictment charging Guan Tianfeng, a citizen of the People’s Republic of China (PRC), for his involvement in a conspiracy to carry out a wide-ranging hacking campaign to penetrate firewall devices worldwide in 2020.

Guan and his co-conspirators worked at the offices of Sichuan Silence Information Technology Company with the aim of discovering and exploiting a previously-unknown Zero-Day vulnerability in certain firewall tools sold by the leading UK cyber security firm, Sophos.

An employee of Sichuan Silence Information Technology Company, Guan Tianfeng, deployed malicious software to more than 80,000 firewalls run by thousands of companies worldwide in April 2020, including 23,000 in the US. 

Sichuan Silence is a cyber security government contractor located in the city of Chengdu in central China whose main clients are Chinese government intelligence services, the Treasury Department said. “Sichuan Silence provides these clients with computer network exploitation, email monitoring, brute-force password cracking, and public sentiment suppression products and services.” 

The sanctions follow a series of alleged Chinese cyber espionage activities in the US, in which government agencies have accused hackers from China of stealing the metadata of a large number of Americans. The wide-ranging campaign, carried out by a nation-state hacking group known as Salt Typhoon, has targeted at least eight US telecom firms, as well as dozens of other countries.

  • In September, the FBI also said it had uncovered another far-reaching Chinese hacking campaign that it has named Flax Typhoon.
  • In November, US government authorities said they had found hacks carried out by Salt Typhoon that targeted multiple telecommunications companies, aiming to steal information from Americans working in government and politics.

In the latest case involving Sichuan Silence, the malware was allegedly designed to steal data, including usernames and passwords, as well as deploy ransomware that blocks access to victims’ computer networks using encryption when companies try to fix the attacks.

Of the 23,000 firewalls in the US, 36 were protecting the systems of critical infrastructure companies, the Treasury Department said. If any of the targets had failed to sufficiently protect their systems or quickly detect the ransomware attack, the potential impact “could have resulted in serious injury or the loss of human life”. One of the victims was a US energy company that was actively involved in drilling operations at the time of the incident, potentially causing oil rigs to malfunction and “causing a significant loss in human life”.

The sanctions effectively block any assets of Sichuan Silence and Guan in the US, and usually ban US banks, companies or individuals from doing business with them.

Sichuan Silence has previously been accused of involvement in cyber attacks. In 2021, Meta Platforms, the parent company of Facebook and Instagram, alleged that the firm was linked to an online disinformation network spreading the claims of a fake Swiss biologist who alleged the US was meddling in efforts to find the origins of COVID. 

The sanctions on Guan and Sichuan Silence are part of a larger government effort to address widespread concerns about China’s infiltration of widely-used edge computing devices, including firewalls, VPN services and routers.  

The US Department of Justice has recently published an indictment against Guan for his role in the cyber attack, and the US Department of State is offering a $10m reward for information about Sichuan Silence or Guan.

US Dept. of Justice | US State Dept. | US Treasury Dept. | Reuters | AlJazeera | Times of India | The Record
