The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has named and sanctioned Sichuan Silence Information Technology Company, Limited (Sichuan Silence) and Guan Tianfeng (Guan), both China-based, as those responsible for the April 2020 attack on 80,000+ firewalls worldwide.
OFAC has alleged that Guan, an employee of Sichuan Silence, discovered a zero-day in the firewalls, all sold by Sophos, and developed, tested, and then used malware once the firewalls had been breached. The malware was designed to steal information on victims’ computers and to encrypt files if an attempt was made to remedy the infection.
According to court documents, Sichuan Silence has provided services to, among others, China’s Ministry of Public Security. Sichuan Silence’s website states that it has products that can be used to scan and detect foreign network targets and obtain valuable intelligence information.
“Today’s action underscores our commitment to exposing these malicious cyber activities … and to holding the actors behind them accountable,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “Treasury will continue to leverage our tools to disrupt attempts by malicious cyber actors to undermine our critical infrastructure.”
In addition to OFAC, the FBI praised Sophos for its swift actions, stating that the damage could have been far more severe if Sophos hadn’t identified the vulnerability and deployed a swift and comprehensive response.
The US Department of State also weighed in, offering rewards of up to $10 million for information leading to the identification or location of Guan or any of his co-conspirators.