China Sanctions Hit: Sichuan Silence Accused of Ransomware Attacks (Sophos Zero-Day Exploited)

The U.S. sanctioned Chinese firm Sichuan Silence for ransomware attacks targeting critical infrastructure. Learn more about the attack and how to protect against it.
Matilda
In a significant move, the U.S. Department of the Treasury has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of ransomware attacks targeting U.S. critical infrastructure and other victims worldwide. The attacks, which occurred in April 2020, utilized a zero-day vulnerability (CVE-2020-12271) in Sophos XG firewalls, putting countless businesses at risk.

The Actors:

Sichuan Silence: A Chengdu-based cybersecurity firm identified as a government contractor with ties to Chinese intelligence services. The company reportedly offers services like network exploitation, password cracking, and email monitoring.

Guan Tianfeng (GbigMao): A Sichuan Silence employee and security researcher who allegedly discovered the zero-day exploit used in the attacks.

The Attacks:

April 2020: Tianfeng exploited the Sophos XG firewall vulnerability to deploy malware to roughly 81,000 firewalls globally. The attackers aimed to steal data (usernames/p…