Saturday, May 3, 2025
HomeCyber Security NewsUS Charged Chinese Hackers for Exploiting Thousands of Firewall

US Charged Chinese Hackers for Exploiting Thousands of Firewall

Published on

SIEM as a Service

Follow Us on Google News

The US Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned Sichuan Silence Information Technology Company and its employee Guan Tianfeng for their involvement in the April 2020 global firewall compromise, which targeted numerous US critical infrastructure companies. 

The Department of Justice has also indicted Guan for the same cybercrime, and the State Department has offered a $10 million reward for information on the individuals involved, highlighting the US government’s commitment to combating Chinese cyber threats and holding malicious actors accountable.

Zero-day Vulnerability Exploited

Guan Tianfeng exploited a zero-day vulnerability in a firewall product to compromise approximately 81,000 firewalls worldwide, including 36 critical infrastructure systems in the US, which aimed to steal sensitive data and deploy the Ragnarok ransomware

- Advertisement - Google News

It could have potentially disabled security measures and encrypted critical systems, leading to severe consequences, such as oil rig malfunctions and potential loss of life, while timely detection and mitigation of the attack prevented significant damage.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

Guan, a Chinese cybersecurity researcher affiliated with Sichuan Silence, a Chinese government contractor, exploited a zero-day vulnerability to compromise a US firewall in April 2020 by leveraging tools and techniques provided by Sichuan Silence, enabling access to sensitive US networks. 

Sichuan Silence, known for its involvement in cyber espionage and offensive cyber operations, has been sanctioned by the US Office of Foreign Assets Control (OFAC) for these malicious activities, which pose a significant threat to US national security.

OFAC has imposed sanctions on designated persons, blocking their U.S. assets and prohibiting transactions with them, as entities 50% or more owned by blocked persons are also subject to these restrictions. 

Transactions involving sanctioned individuals or entities are not permitted to be pursued by individuals or entities based in the United States. 

Financial institutions and other persons involved in such transactions may face sanctions or enforcement actions, as OFAC’s sanctions aim to induce behavioral change and may be lifted under specific conditions.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free 

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives

North Korean nationals have successfully infiltrated the employee ranks of major global corporations at...

Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications

Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to...

State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape

Global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid...

NVIDIA Riva AI Speech Flaw Let Hackers Gain Unauthorized Access to Abuse GPU Resources & API keys

Researchers have uncovered significant security vulnerabilities in NVIDIA Riva, a breakthrough AI speech technology...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives

North Korean nationals have successfully infiltrated the employee ranks of major global corporations at...

State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape

Global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid...

Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications

Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to...