The US Department of Justice has issued an indictment against a Chinese citizen working for a company likely tied to Beijing.

On December 10, 2024, the US Department of Justice announced an indictment against Guan Tianfeng, a Chinese citizen, for his role in hacking Sophos firewalls between 2018 and 2020. The DOJ is offering a $10 million reward for any information leading to his capture.

Guan Tianfeng is employed by Sichuan Silence Information Technology, a company working with China’s Ministry of Public Security. According to the FBI, this organization is directly affiliated with the Chinese state, which may have orchestrated the attack.

Guan Tianfeng and his accomplices exploited a 0-day vulnerability in the firewalls of cybersecurity company Sophos. They managed to steal sensitive information from numerous organizations worldwide, including login credentials and user account data. The hackers reportedly compromised around 81,000 firewalls, including one “used by a US agency.”

Sophos has emphasized the high level of sophistication involved in this malicious campaign. Notably, the malware deployed could defend itself by activating the Ragnarok ransomware if any removal attempt was detected.
