December 10, 2024 at 11:40AM
The U.S. Treasury sanctioned Sichuan Silence, a Chinese cybersecurity firm, and an employee for involvement in 2020 Ragnarok ransomware attacks on U.S. critical infrastructure. Guan Tianfeng exploited a zero-day vulnerability, compromising 81,000 firewalls globally, including over 23,000 in the U.S. A $10 million reward has been offered for information.
**Meeting Takeaways:**
1. **Sanctions Overview:**
– The U.S. Treasury Department has sanctioned Sichuan Silence, a Chinese cybersecurity firm, and an employee, Guan Tianfeng, for their roles in the April 2020 Ragnarok ransomware attacks.
2. **Company Profile:**
– Sichuan Silence operates as a cybersecurity government contractor in Chengdu, providing services to clients, including Chinese intelligence services.
– Key services offered include computer network exploitation, brute-force password cracking, email monitoring, and public sentiment suppression.
3. **Attack Details:**
– Guan Tianfeng discovered a zero-day vulnerability in an unnamed firewall product, which was exploited to deploy malware to around 81,000 firewalls worldwide between April 22 and 25, 2020.
– Over 23,000 of the compromised firewalls were in the U.S., with 36 associated with U.S. critical infrastructure, including an energy company involved in drilling operations.
4. **Potential Consequences:**
– The ransomware attacks could have resulted in significant loss of life had they not been prevented.
– The victims were targeted through a zero-day SQL injection vulnerability in Sophos XG firewalls, which led to the deployment of the Asnarök Trojan and to subsequent ransomware activation via a ‘dead man switch.’
5. **Legal Actions:**
– An indictment against Guan has been unsealed by the Department of Justice, and the State Department is offering up to $10 million for information regarding Sichuan Silence or Guan through its Rewards for Justice program.
6. **Impact of Sanctions:**
– U.S. citizens and organizations are prohibited from transactions with Guan and Sichuan Silence.
– U.S.-based assets connected to them will be frozen, and U.S. financial institutions face potential penalties for dealings with the sanctioned parties.