• Chinese cybersecurity fir

    From Mike Powell@1:2320/105 to All on Wed Dec 11 09:20:00 2024
    Chinese cybersecurity firm facing US sanctions over alleged ransomware attacks

    Date:
    Wed, 11 Dec 2024 11:21:04 +0000

    Description:
    US Government sanctions Chinese cybersecurity firm responsible for thousands
    of critical infrastructure attacks.

    FULL STORY

    Chinese cybersecurity firm Sichuan Silence has been sanctioned by the US Treasury Department's Office of Foreign Assets Control (OFAC) for its role in a string of Ragnarok ransomware attacks in April of 2020, in which tens of thousands of firewalls were compromised across the globe.

    Also sanctioned was an employee of the firm, Guan Tianfeng, who is allegedly single-handedly responsible for exploiting 81,000 Sophos firewalls. Guan discovered a zero-day exploit in the Sophos firewall and used this to compromise businesses, and steal information like passwords.

    Once the information was obtained, Guan would often disable the victim's anti-virus software and encrypt the device with a Ragnarok ransomware variant, which infected the victim's device.

    23,000 successful compromises

    The wide-reaching cyber espionage campaign compromised over 23,000 firewalls
    in the US alone, with 36 critical infrastructure targets - including an
    energy company. Obviously an impressive cybercriminal, Guan (also known as GbigMao), also competed in cybersecurity tournaments on behalf of Sichuan Silence.

    The Justice Department has offered a $10 million reward for any information that could lead to the location of the attacker. The malicious cyber
    activities against infrastructure are violations of the Computer Fraud and Abuse Act.

    "The defendant and his conspirators compromised tens of thousands of firewalls and then continued to hold at risk these devices, which protect computers in the United States and around the world," said Assistant Attorney General for National Security Matthew G. Olsen.

    The sanctions include the seizure of any US property or assets belonging to
    the firm or to Guan, and blocking any entities that are more than 50% owned
    by Sichuan Silence, unless authorized by the OFAC.

    The US government recently announced that mitigating Chinese cyberattacks is a top priority for US security forces, citing serious national security concerns.

    The cybersecurity firm is said to have served as a third-party contractor for the Chinese government's intelligence agency, offering tools and skills. From now on, US organizations and citizens are prohibited from engaging in any financial transactions with the firm.

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/chinese-cybersecurity-firm-facing-us-sanctions-over-alleged-ransomware-attacks

    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)