The United States has sanctioned a Chinese cybersecurity company and one of its employees for exploiting a zero-day vulnerability in the Sophos firewall to target American organizations.
The U.S. Treasury Department announced Tuesday that Guan Tianfeng, an employee of Sichuan Silence, used the vulnerability to breach approximately 81,000 firewalls in April 2020. The hacking campaign, detailed by Sophos in November, led to the breach of more than 23,000 firewalls in China. In the United States, dozens of them were used by government agencies and critical infrastructure companies.
One of the companies was an energy company involved in drilling operations. The Treasury said the incident could have resulted in “significant loss of life” had the attack been successful.
“The purpose of the exploit was to steal data using compromised firewalls,” the Treasury Department said. “However, Guan also attempted to infect victims' systems with a variant of the Ragnarok ransomware.”