Chinese national charged with infecting 81,000 Sophos firewalls
![sophos-firewall](https://media.cooltechzone.com/images/featured-big/2024/12/sophos-firewall.jpg)
The United States government is charging Guan Tianfeng for his involvement in a conspiracy to indiscriminately hack firewall devices in 2020.
According to the Department of Justice (DOJ), Guan and his co-conspirators developed, tested, and deployed malware that targeted approximately 81,000 Sophos firewalls worldwide using a zero-day vulnerability that existed on those devices.
The zero-day later became known as CVE-2020-12271, a previously unknown SQL injection vulnerability in Sophos XG firewalls. By exploiting it, attackers were able to achieve remote code execution (RCE) and exfiltrate usernames and hashed passwords for local device administrators and for user accounts used for remote access. The vulnerability received a CVSS score of 9.8 out of 10.
According to the indictment, Guan and his accomplices designed malware to steal information from compromised Sophos firewall devices. To hide their activity, the suspects registered and used domains designed to look as if they were controlled by Sophos, but the activity was discovered two days later.
Guan then modified the malware so that it would deploy encryption software if victims tried to remove the malicious software. “Their encryption efforts did not succeed, but demonstrated the conspirators’ disregard for the harm that they would cause to victims,” the DOJ says.
“The zero-day vulnerability Guan Tianfeng and his co-conspirators found and exploited affected firewalls owned by businesses across the United States. If Sophos had not rapidly identified the vulnerability and deployed a comprehensive response, the damage could have been far more severe. Sophos’s efforts combined with the dedication and expertise of our cyber squad formed a powerful partnership resulting in the mitigation of this threat,” Special Agent in Charge Herbert J. Stapleton of the FBI Indianapolis Field Office said in a statement.
In addition to the charges against the suspect, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has also implemented sanctions against the company Guan worked for: Sichuan Silence Information Technology. It’s a Chengdu-based cybersecurity contractor that provides security products and services to its clients, including email monitoring, computer network exploitation, and brute-force password cracking.
On top of that, the US Department of State announced rewards of up to $10 million for information leading to the identification or location of Guan or any person who engages in malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).