US indicts & sanctions Chinese cybersecurity firm, researcher for attacks on critical infrastructure
The United States has indicted and sanctioned a Chinese researcher and a cybersecurity company with links to the Chinese government for carrying out cyberattacks on US critical infrastructure
In a coordinated crackdown on Chinese cyber warfare, the United States has indicted and sanctioned a cybersecurity firm and researcher for conducting cyberattacks on critical US infrastructure.
In a statement on Tuesday (December 10), the Department of Justice said that a Chinese cybersecurity company, Sichuan Silence Information Technology Co. Ltd, and one of its researchers, Guan Tianfeng, have been indicted for cyberattacks in the United States and abroad.
Guan has been formally charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud.
Separately, the Department of the Treasury imposed sanctions on Sichuan Silence and Guan, and the Department of State announced a reward of up to $10 million for information leading to the identification or location of Guan.
Deputy Attorney General Lisa Monaco said that Sichuan Silence and Guan's cyberattacks affected tens of thousands of network security devices, which they infected with "malware designed to steal information".
In total, around 81,000 devices were compromised by Sichuan Silence and Guan, according to the DoJ.
Chinese cyberattack could have led to loss of life if not foiled
Guan and his co-conspirators exploited a previously unknown vulnerability, a so-called 'zero-day', in firewalls sold by the British company Sophos Ltd. Firewalls sit at the network edge and see all traffic passing in and out of an organisation, which is why compromising them gives an attacker such a valuable foothold.
A zero-day is a flaw in software, hardware or a network that the vendor does not yet know about, so no patch exists when attackers begin using it; the vendor has had "zero days" to fix it. Attackers use such a flaw to gain unauthorised access in order to steal data, plant malware, corrupt files or carry out other malicious activity.
Of the 81,000 firewall devices that Guan and his co-conspirators infected worldwide, 23,000 were in the United States, and 36 of those were protecting the systems of US critical infrastructure companies, according to the Department of the Treasury.
In a statement on Tuesday, the Treasury said that had the attack not been foiled and the vulnerability not fixed, the consequences could have been fatal.
If any of the victims had failed to patch their systems to mitigate the exploit, or if cybersecurity measures had not identified and quickly remedied the intrusion, the potential impact of the attack, which involved the planting of ransomware called Ragnarok, could have resulted in "serious injury or the loss of human life", the Treasury said.
“One victim was a US energy company that was actively involved in drilling operations at the time of the compromise. If this compromise had not been detected, and the ransomware attack not been thwarted, it could have caused oil rigs to malfunction potentially causing a significant loss in human life,” said the Treasury.
Separately, Herbert J Stapleton, the Special Agent in Charge of the FBI's Indianapolis Field Office, said that had Sophos not "rapidly identified the vulnerability and deployed a comprehensive response, the damage could have been far more severe".
"Sophos' efforts combined with the dedication and expertise of our cyber squad formed a powerful partnership resulting in the mitigation of this threat," Stapleton was quoted as saying in a press release by the DoJ.
The Treasury said Guan and his co-conspirators carried out the intrusions between April 22 and April 25, 2020.