The US Government Charges China-Based Hacker For Exploiting Zero-Day Vulnerability

On December 10, 2024, the federal government unsealed an indictment in federal court in Indiana, charging Chinese national Guan Tianfeng (Guan) for his role in allegedly breaking into thousands of Sophos Ltd. (Sophos) firewall devices globally in 2020. In total, Guan and his co-conspirators infected approximately 81,000 firewall devices worldwide, including a firewall device used by an agency of the United States (US).

According to the indictment, Guan worked at Sichuan Silence Information Technology Company, Limited (Company). According to the Company's website, it developed a product line that could be used to scan and detect overseas network targets to obtain valuable intelligence information. The Federal Bureau of Investigation is investigating the Company's hacking activities and intrusions into various edge devices.

Guan has been charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. The US Department of State also announced rewards on the same day as the indictment of up to $10 million for information leading to the identification or location of Guan or any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act. The US Department of the Treasury's Office of Foreign Assets Control also announced sanctions on Sichuan Silence and Guan today.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.