US sanctions China cyber firm for potentially deadly ransomware attack

Some firewalls targeted in the US were protecting critical infrastructure companies, the US Treasury Department says.

A Chinese cybersecurity company and one of its researchers have been sanctioned by the United States over a 2020 cyberattack that sought to exploit a computer software vulnerability in company firewalls, potentially resulting in deaths from system malfunctions, the US Treasury Department has announced.

Guan Tianfeng, an employee of Sichuan Silence Information Technology Company, deployed malicious software to 81,000 firewalls run by thousands of companies worldwide in April 2020, including 23,000 in the US, the Treasury Department said in a statement on Tuesday.

The US Department of Justice also unsealed an indictment on Guan on Tuesday for his role in the cyberattack. Additionally, the US Department of State is offering a $10m reward for information about Sichuan Silence or Guan.

Sichuan Silence is a cybersecurity government contractor located in the city of Chengdu in central China whose main clients are Chinese government intelligence services, the Treasury Department said.

“Sichuan Silence provides these clients with computer network exploitation, email monitoring, brute-force password cracking, and public sentiment suppression products and services,” it added.

Al Jazeera was not able to immediately contact a lawyer for Guan to seek comment.

The sanctions come on the heels of a series of alleged Chinese cyber espionage allegations in the US.

Last week, US officials accused Chinese hackers of stealing the metadata of a large number of Americans in a wide-ranging cyberespionage campaign that has targeted at least eight US telecom firms, as well as dozens of other countries.

In November, US authorities said they had uncovered “a broad and significant” campaign carried out by China-linked hackers, dubbed Salt Typhoon, that targeted multiple telecommunications companies aiming to steal information from Americans working in government and politics.

In September, the FBI also said it had uncovered a far-reaching Chinese hacking campaign named Flax Typhoon.

The Chinese government denies that it engages in hacking and other forms of cyberattacks.

Critical infrastructure targeted

In the latest case involving Sichuan Silence, the malware was allegedly designed to steal data, including usernames and passwords, as well as deploy ransomware that blocks access to victims’ computer networks using encryption when companies try to fix the attacks.

Of the 23,000 firewalls in the US, 36 were protecting the systems of critical infrastructure companies, the Treasury Department said. If any of the targets had failed to sufficiently protect their systems or quickly detect the ransomware attack, the potential impact “could have resulted in serious injury or the loss of human life”, it added.

One victim was a US energy company that was actively involved in drilling operations at the time of the compromise, potentially causing oil rigs to malfunction and “causing a significant loss in human life”.

The sanctions effectively block any assets of Sichuan Silence and Guan in the US, and usually ban US banks, companies or individuals from doing business with them.

Sichuan Silence has previously been accused of involvement in cyberattacks. In 2021, Meta Platforms, the parent company of Facebook and Instagram, alleged that the firm was linked to an online disinformation network spreading the claims of a fake Swiss biologist who alleged the US was meddling in efforts to find the origins of COVID-19.