Introduction

On December 10 [1] [6], the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on Sichuan Silence Information Technology Company, Limited [3], a Chinese cybersecurity firm [1] [2], and its employee Guan Tianfeng [1] [3] [4] [5] [6]. These actions were in response to a significant cyberattack in April 2020 that compromised global computer firewalls, including critical infrastructure in the United States.

Description

On December 10 [1] [6], the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on Sichuan Silence Information Technology Company, Limited [3], a Chinese cybersecurity firm based in Chengdu, and its employee Guan Tianfeng [1] [3] [4] [5] [6]. These sanctions were a response to a significant cyberattack in April 2020 that exploited vulnerabilities in computer firewalls, compromising approximately 81,000 firewalls globally, including more than 23,000 in the United States [3], with 36 of those specifically protecting critical infrastructure [5]. The attack involved malware that used SQL injection to execute a script from a malicious server as part of the Asnarök Trojan toolkit [2]. The toolkit was designed to steal sensitive data [5], including usernames and passwords [4], and to deploy ransomware that could lead to significant operational failures in critical sectors [5], particularly in energy. At the time of the attack, one US energy firm was actively drilling [1], raising serious concerns about potential malfunctions and loss of life [5].

Guan Tianfeng [1] [2] [3] [4] [5] [6], a security researcher at Sichuan Silence [3] [6], is charged in an unsealed indictment with conspiracy to commit computer and wire fraud [1] [6]. The US State Department is offering a reward of up to $10 million for information regarding him, his company [1] [4] [5] [6], or their hacking activities [1]. Following the attack, Sophos quickly released a patch to neutralize the malicious scripts [2], but Guan attempted to modify the malware to bypass this security measure. The sanctions [2] [3] [5], imposed under Executive Orders 13694 and 13757 [3], freeze all US assets of the designated individuals and entities and prohibit US persons from engaging in transactions involving them. Financial institutions and individuals that interact with the sanctioned entities may face additional sanctions or enforcement actions [3]. The ultimate goal of these measures is to encourage a change in behavior rather than to impose punishment, emphasizing the importance of holding cyber attackers accountable [2]. Guan is believed to reside in Sichuan Province, China, and may also travel to Bangkok, Thailand [2]. Additionally, Sichuan Silence has been linked to Chinese intelligence agencies and has a history of involvement in cyber activities, including previous allegations of connection to disinformation campaigns [5].

Conclusion

The sanctions against Sichuan Silence Information Technology Company and Guan Tianfeng highlight the serious implications of cyberattacks on global security and critical infrastructure. The swift response by Sophos to release a patch demonstrates the importance of timely mitigation efforts in cybersecurity. These measures aim to deter future cyber threats by holding perpetrators accountable and encouraging behavioral change. The ongoing investigation and potential for further sanctions underscore the international community’s commitment to combating cybercrime and protecting sensitive information.

References

[1] https://www.isss.org.uk/news/us-sanctions-chinese-firm-over-potentially-deadly-ransomware-attack/
[2] https://www.techrepublic.com/article/sichuan-silence-sanction-us/
[3] https://home.treasury.gov/news/press-releases/jy2742
[4] https://www.voanews.com/a/us-sanctions-chinese-cybersecurity-firm-for-malicious-activities/7896129.html
[5] https://www.aljazeera.com/economy/2024/12/10/us-sanctions-china-cyber-firm-for-potentially-deadly-ransomware-attack
[6] https://www.ntd.com/us-sanctions-chinese-company-indicts-hacker-over-cyberattacks_1033861.html