The U.S. Treasury Department has sanctioned a Chinese cybersecurity firm for its alleged involvement in 2020 ransomware attacks, exposing the growing threat of state-sponsored cyber warfare.
At a Glance
- The U.S. has sanctioned Chinese firm Sichuan Silence and employee Guan Tianfeng for 2020 ransomware attacks.
- The attacks exploited firewall vulnerabilities, compromising 81,000 firewalls globally, including 23,000 in the U.S.
- Malware targeted critical infrastructure, risking potentially deadly consequences.
- The U.S. offers a $10 million reward for information on Sichuan Silence or Guan.
- The sanctions prohibit U.S. transactions with the firm and individual, freezing U.S.-based assets.
Chinese Firm Sanctioned for Cyber Attack on U.S. Infrastructure
The U.S. Treasury Department has taken decisive action against Chinese cybersecurity company Sichuan Silence Information Technology and its employee Guan Tianfeng for their alleged involvement in a series of ransomware attacks in April 2020. This move underscores the growing concern over state-sponsored cyber threats to national security and critical infrastructure.
According to U.S. officials, Guan Tianfeng discovered a zero-day vulnerability in a firewall product, which was then exploited to deploy malware to approximately 81,000 firewalls worldwide. The attack specifically targeted U.S. critical infrastructure, compromising over 23,000 firewalls in the United States alone, including those of a U.S. energy company.
US Treasury OFAC sanctions Chinese cybersecurity company Sichuan Silence and one of its employees, Guan Tianfeng, "for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide. Many of the victims were U.S. critical infrastruc… https://t.co/FGuo2fvntA
— Steve Herman (@W7VOA) December 10, 2024
Scope and Severity of the Cyber Attack
The Treasury Department emphasized the potentially catastrophic consequences of the attack. The malware was designed not only to steal sensitive data but also to deploy ransomware, which could have led to critical infrastructure failures.
“The defendant and his conspirators compromised tens of thousands of firewalls and then continued to hold at risk these devices, which protect computers in the United States and around the world,” stated Assistant Attorney General for National Security Matthew G. Olsen.
In a particularly alarming development, a U.S. energy company was among the victims, raising concerns about potential oil rig malfunctions and the risk of loss of life. The Treasury Department stated that the attack “could have resulted in serious injury or the loss of human life,” highlighting the gravity of the situation.
U.S. Response and Ongoing Cybersecurity Concerns
In response to this threat, the U.S. government has taken a multi-pronged approach. The Department of Justice unsealed an indictment against Guan, while the State Department offered a substantial $10 million reward for information leading to the identification or location of Sichuan Silence or Guan.
“Today’s action underscores our commitment to exposing these malicious cyber activities … and to holding the actors behind them accountable for their schemes,” stated Bradley Smith from the Treasury Department.
The sanctions imposed prohibit U.S. transactions with Guan and Sichuan Silence, effectively freezing any U.S.-based assets tied to them. This move is part of a broader strategy to combat Chinese cyber threats, which have become a top priority for U.S. national security.
Recent allegations of Chinese hackers stealing metadata from U.S. telecom firms and the discovery of a campaign named Salt Typhoon targeting U.S. telecommunications further underscore the persistent and evolving nature of these cyber threats.
As the U.S. continues to grapple with these challenges, the sanctions against Sichuan Silence serve as a clear message that malicious cyber activities will not go unchecked, regardless of their origin. The government’s commitment to leveraging all available tools to disrupt and deter such attacks remains unwavering in the face of this growing digital menace.