US Treasury Department Sanctions Chinese Company for Ransomware Attacks

Cybersecurity firm Sichuan Silence Information Technology Company and an employee were targeted for a massive firewall compromise in 2020.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced tough sanctions against a Chinese cybersecurity company and one of its employees following a broad campaign targeting tens of thousands of companies around the world.

The Sichuan Silence Information Technology Company and Guan Tianfeng – both based in the People’s Republic of China – were targeted for their role in a 2020 cyber campaign that deployed malware on more than 80,000 firewalls around the world.

More than 23,000 of those firewalls were in the United States, 36 of which protected critical infrastructure entities between April 22 and 25. According to the Treasury Department, the campaign’s potential for disruption was catastrophic. An energy company was involved in drilling operations on an oil rig at the time of the attack, which could have resulted in “a significant loss of life.”

The malware was designed to steal user data and credentials. Guan Tianfeng also deployed the Ragnarok ransomware variant on victims’ networks. The Justice Department has indicted Guan Tianfeng for his role in the campaign.

“Today’s action underscores our commitment to exposing these malicious cyber activities – many of which pose a significant risk to our communities and citizens – and to holding the actors behind them accountable for their schemes,” Bradley T. Smith, Acting Undersecretary of the Treasury for Terrorism and Financial Intelligence, said in a statement.

“Treasury, as part of the U.S. government’s coordinated approach to combating cyber threats, will continue to leverage our tools to thwart attempts by malicious cyber actors to undermine our critical infrastructure.”

Sichuan Silence is based in Chengdu province and is known to work with the PRC’s intelligence services, while Guan Tianfeng regularly participates in cybersecurity tournaments and has been observed actively sharing exploits on hacking forums under the pseudonym GbigMao.

Under the sanctions, all U.S. assets of Sichuan Silence and Guan Tianfeng must be reported to OFAC, while all transactions with the named individuals are now prohibited.

Cybersecurity company Sophos was involved in the investigation into the firewall campaign because its firewall products were targeted.

“Throughout our five-year offensive operation against interdependent Chinese nation-state adversaries – an operation we called Pacific Rim – we successfully collected critical intelligence on their activities,” said Ross McKerchar, CISO of Sophos.

“In particular, we were able to link much of the attackers’ research and development to the Sichuan region of China, in particular to the Double Helix Research Institute of Sichuan Silence Information Technology. Additionally, after neutralizing a wave of attacks we named Asnarok, we discovered links between the attacks and someone known by the nickname GBigMao.

“Today, we are pleased that the Department of Justice has unsealed its indictment against GbigMao, aka Guan Tianfeng, and that Treasury has sanctioned Sichuan Silence. This is a positive step toward disrupting the operations of these attackers.”
