The U.S. Department of Justice is looking to bring in a Chinese hacker accused of hacking Sophos Firewall devices.
The U.S. District Court in Hammond, Indiana, had the honor of processing charges against Guan Tianfeng, the China-based threat actor who stands accused of running a criminal operation that compromised commercial firewalls from Sophos.
According to the feds, Guan worked through a company called Sichuan Silence Information Technology Co. Ltd. It is alleged that the company was a front for the Chinese Communist Party and was tasked with sniffing out vulnerabilities in the firewall.
It is alleged that Guan figured out a zero-day vulnerability in Sophos software and then used that flaw to compromise thousands of systems and perform covert surveillance.
“Our law enforcement actions, technical expertise, and enduring partnerships with private companies, like Sophos, demonstrate the reputation of the FBI as being a reliable and effective partner for stopping this malicious activity,” said Bryan Vorndran, assistant director of the FBI cyber division.
“Complementary actions prevented further victimization of U.S. businesses and individuals while contributing to the safety of U.S. citizens as they use the internet.”
That exploitation, in turn, led to thousands of individual device compromises and invasions of the privacy of individuals and organizations.
The criminal hacker is also said to have set up a number of domains that impersonated legitimate Sophos services in an effort to conceal the activity and evade detection by authorities.
“The malware that exploited the vulnerability discovered by Guan was designed to steal information from infected computers and to encrypt files on them if a victim attempted to remediate the infection,” the DOJ said in announcing the charges.
“In total, Guan and his co-conspirators infected approximately 81,000 firewall devices worldwide, including a firewall device used by an agency of the United States.”
Unfortunately for the U.S. government, indicting an individual and actually bringing them into custody to face those charges are two very different things. The DOJ is offering $10 million to anyone who can offer information leading to Guan’s capture.
“The zero-day vulnerability Guan Tianfeng and his co-conspirators found and exploited affected firewalls owned by businesses across the United States, including in Indiana,” said Special Agent in Charge Herbert J. Stapleton.
“If Sophos had not rapidly identified the vulnerability and deployed a comprehensive response, the damage could have been far more severe.”