US Offers $10 Million Bounty For Chinese Hacker
The United States is reinforcing its move to apprehend and crack down on a notorious Chinese hacker.
The government has offered a $10 million reward on Tuesday for information leading to the arrest of the Chinese hacker, Guan Tianfeng, and his co-conspirators wanted for hacking computer firewalls.
Tianfeng, 30, is believed to be living in China’s Sichuan Province, according to the State Department.
An indictment charging Tianfeng with conspiracy to commit computer fraud and conspiracy to commit wire fraud was unsealed on Tuesday.
The Treasury Department said it had imposed sanctions on the company Tianfeng worked for, Sichuan Silence Information Technology Co Limited.
Tianfeng and co-conspirators at Sichuan Silence allegedly took advantage of a vulnerability in firewalls sold by United Kingdom-based cybersecurity company Sophos Limited, according to the indictment.
“The defendant and his co-conspirators exploited a vulnerability in tens of thousands of network security devices, infecting them with malware designed to steal information from victims around the world,” Deputy Attorney-General, Lisa Monaco said in a statement.
Some 81,000 firewall devices were simultaneously attacked worldwide in April 2020, the indictment said, to steal data, including usernames and passwords, while also attempting to infect the computers with ransomware.
Tianfeng and co-conspirators at Sichuan Silence allegedly took advantage of a vulnerability in firewalls sold by United Kingdom-based cybersecurity company Sophos Limited, according to the indictment.
“The defendant and his co-conspirators exploited a vulnerability in tens of thousands of network security devices, infecting them with malware designed to steal information from victims around the world,” Deputy Attorney-General, Lisa Monaco said in a statement.
Some 81,000 firewall devices were simultaneously attacked worldwide in April 2020, the indictment said, to steal data, including usernames and passwords, while also attempting to infect the computers with ransomware.
More than 23,000 firewalls were in the US, of which 36 were protecting “critical infrastructure companies’ systems,” the Treasury said.
“The zero-day vulnerability Guan Tianfeng and his co-conspirators found and exploited affected firewalls owned by businesses across the United States.
If Sophos had not rapidly identified the vulnerability and deployed a comprehensive response, the damage could have been far more severe,” FBI agent, Herbert Stapleton said.
According to the indictment, Sichuan Silence sold its services and the data it obtained through hacking to Chinese businesses and government entities, including the Ministry of Public Security.
A man who answered a call to a phone number registered with Sichuan Silence said the company “did not accept interviews” and declined to comment on the sanctions.