CVE-2020-12271 Exploited: FBI Seeks Chinese Hacker Behind 81,000 Device Breach
The US Department of Justice announced the unsealing of an indictment against Guan Tianfeng, a Chinese national associated with Sichuan Silence Information Technology Co. Ltd., for his alleged role in a sophisticated hacking operation targeting Sophos firewalls.
This operation, which exploited a zero-day vulnerability (CVE-2020-12271) in Sophos firewalls, impacted an estimated 81,000 devices worldwide, including those utilized by US government agencies. The indictment alleges that Guan and his co-conspirators developed and deployed malware designed to exfiltrate sensitive information and encrypt files on compromised systems.
“The defendant and his co-conspirators exploited a vulnerability in tens of thousands of network security devices, infecting them with malware designed to steal information from victims around the world,” stated Deputy Attorney General Lisa Monaco. This statement underscores the severity and far-reaching implications of the breach, impacting individuals and organizations across the globe.
The indictment further reveals that the attackers attempted to deploy ransomware when Sophos moved to remediate the vulnerability, demonstrating a clear intent to inflict further damage and disruption.
“The defendant and his conspirators compromised tens of thousands of firewalls and then continued to hold at risk these devices, which protect computers in the United States and around the world,” asserted Assistant Attorney General for National Security Matthew G. Olsen. This statement emphasizes the critical role firewalls play in network security and the potential for widespread compromise when these defenses are breached.
The successful mitigation of this threat was largely due to the collaborative efforts between the FBI and Sophos. “Our law enforcement actions, technical expertise, and enduring partnerships with private companies, like Sophos, demonstrate the reputation of the FBI as being a reliable and effective partner for stopping this malicious activity,” affirmed Assistant Director Bryan Vorndran of the FBI’s Cyber Division.
The indictment also revealed that the FBI, in coordination with the U.S. Department of State, is offering a reward of up to $10 million for information leading to Guan’s capture or identification. Additionally, the U.S. Department of the Treasury has imposed sanctions on both Guan and Sichuan Silence.