A Chinese national has been indicted and a cybersecurity company has been sanctioned over their alleged involvement in a state-affiliated hacking ring that targeted networks worldwide.
The United States District Court for the Northern District of Indiana has issued an arrest warrant for Guan Tianfeng, 30, charging him with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Guan is accused of working with co-conspirators to exploit vulnerabilities in firewalls sold by U.K.-based security software and hardware company Sophos.
According to the indictment, Guan helped develop and test malware that exploited a zero-day vulnerability, a flaw unknown to developers or security teams, which leaves affected systems open to immediate attack. The group allegedly disguised their activity by registering domains designed to look like they belonged to Sophos.
Sophos detected the breach and patched the affected firewalls within two days, prompting the hackers to modify their malware so any attempt to remove it would trigger ransomware, which locks users out of their systems until a ransom is paid.
While the ransomware encryption failed, the Justice Department noted "the conspirators' disregard for the harm that they would cause to victims."
The 2020 breach compromised approximately 81,000 Sophos firewall devices, including one used by a U.S. government agency. The perpetrators sought to damage the devices and steal data from both the firewalls and the computers they protected, according to the FBI wanted poster for Guan.
The Justice Department cited court documents saying Guan worked as a security researcher for Sichuan Silence Technology Company, a cybersecurity contractor based in Chengdu. The company is linked to Chinese government entities, including the Ministry of Public Security.
Newsweek reached out to the Chinese Foreign Ministry by email with a written request for comment.
The Justice Department has offered a reward of up to $10 million for information on Guan, Sichuan Silence, or any related individuals or entities. The Department of the Treasury's Office of Foreign Assets Control has imposed sanctions on both Guan and Sichuan Silence.
"Sichuan Silence provides these clients with computer network exploitation, email monitoring, brute-force password cracking, and public sentiment suppression products and services," the Treasury said in its press release. "Additionally, Sichuan Silence provides these clients with equipment designed to probe and exploit target network routers."
Guan, known online by the handle "GbigMao," also competed on behalf of Sichuan Silence in cybersecurity tournaments, the Treasury said. He has reportedly discussed the zero-day exploits he discovered in posts in related online forums.
Cybersecurity competitions have surged in popularity in China in recent years, in line with President Xi Jinping's directive to transform the country into a "cyber powerhouse." Some of these tournaments attract tens of thousands of participants and are sponsored by government agencies, including the Ministry of Public Security.
Experts warn that vulnerabilities discovered in these competitions likely benefit Chinese security agencies. Eugenio Benincasa, co-author of an Atlantic Council report and senior researcher at ETH Zurich's Center for Security Studies, recently told Newsweek this knowledge is "funneled to China's security agencies for potential use in offensive operations."
The Chinese embassy in the U.S. dismissed these concerns as "malicious speculation," telling Newsweek "it is normal to strengthen technical exchanges and promote scientific and technological innovation."
2024 NEWSWEEK DIGITAL LLC.
This story was originally published December 12, 2024, 5:51 AM.