US names Chinese national it alleges was behind 2020 attack on Sophos firewalls

Submitted by Style Pass, 2024-12-11 23:30:05

The US Departments of Treasury and Justice have named a Chinese business and one of its employees as the actors behind the 2020 exploit of a zero-day flaw in Sophos firewalls.

The attack was made possible by a critical-rated SQL injection flaw known as CVE-2020-12271 that was exploited in the wild in April 2020. Sophos quickly published a hotfix to harden its XG firewalls and quash the zero-day attack.

But the DoJ on Tuesday asserted that 81,000 firewalls were nonetheless compromised – including at least one used by an agency of the United States government.

The DoJ also named Guan Tianfeng as a co-conspirator in the attack, along with fellow employees at an outfit awesomely named Sichuan Silence Information Technology Co. Ltd.

Treasury identified Guan as a security researcher at Sichuan Silence at the time of the compromise. "Guan competed on behalf of Sichuan Silence in cyber security tournaments and posted recently discovered zero-day exploits on vulnerability and exploit forums, including under his moniker GbigMao," Treasury claimed, adding that it considers him "responsible for the April 2020 firewall compromise."

The Department also alleged that Sichuan Silence is a "cyber security government contractor whose core clients are PRC intelligence services." The biz apparently offers those clients services including "computer network exploitation, email monitoring, brute-force password cracking, and public sentiment suppression products and services."
