The U.S. has placed sanctions on Sichuan Silence Information Technology after linking the firm to a 2020 cyberattack that threatened global security.
At a Glance
- The U.S. sanctioned Sichuan Silence and employee Guan Tianfeng over a dangerous cyberattack.
- The alleged attackers deployed malicious software to over 80,000 firewalls worldwide.
- The malware endangered critical infrastructure and energy sectors.
- Sichuan Silence’s actions are reportedly linked to threats against national security.
Background of the Sanctions
The U.S. Treasury’s sanctions target Sichuan Silence Information Technology and employee Guan Tianfeng for their alleged roles in a cyberattack that occurred in April 2020. This attack involved the deployment of malicious software to over 80,000 firewalls globally. The software was designed to steal data and deploy ransomware, creating a severe threat to critical infrastructure.
An energy company involved in drilling was notably targeted—an incident that “could have caused oil rigs to malfunction,” according to U.S. Treasury officials. The FBI has responded with an offer of $10 million for information leading to Guan or the company’s hacking network.
US Treasury OFAC sanctions Chinese cybersecurity company Sichuan Silence and one of its employees, Guan Tianfeng, "for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide. Many of the victims were U.S. critical infrastruc… https://t.co/FGuo2fvntA
— Steve Herman (@W7VOA) December 10, 2024
Details of the Cyberattack
The attack’s scope was broad: it affected over 23,000 firewalls in the U.S. alone and included 36 critical infrastructure targets. Guan Tianfeng is accused of exploiting zero-day vulnerabilities in Sophos firewalls. These actions reportedly included stealing passwords, disabling antivirus software, and encrypting devices with a variant of the Ragnarok ransomware.
“The defendant and his conspirators compromised tens of thousands of firewalls and then continued to hold at risk these devices, which protect computers in the United States and around the world,” said Assistant Attorney General for National Security Matthew G. Olsen.
Charges against Guan include conspiracy to commit computer and wire fraud. Sanctions against Sichuan Silence also entail the freezing of assets and prohibitions on U.S. entities engaging in transactions with the firm.
Implications and Future Outcomes
The sanctioning of Sichuan Silence highlights U.S. efforts to counter cyber threats linked to Chinese entities. In previous operations, the firm was associated with a Chinese intelligence agency’s online influence campaigns. Beijing has denied involvement in the hacking activities carried out by Sichuan Silence. Nonetheless, the U.S. government has prioritized combating these threats due to national security concerns.
The sanctions against Sichuan Silence represent a significant step in deterring cyber espionage and protecting national integrity. By freezing assets and blocking transactions, the U.S. intends to curtail further harmful cyber activities. The situation remains dynamic as the imposed sanctions serve as part of broader efforts to safeguard critical infrastructure from persistent cyber threats.