Saturday , April 19 2025
firewall

Sophos Thwarts Global Firewall Attack promptly, Protects Thousands from Data Theft

On 10Th December, 2024 The US Department of Justice said in a press release that a Chinese-born man named Guang Tianpeng was indicted on charges for hacking attempt about 81,000 firewalls worldwide in 2020. The country announced a $10 million reward for information leading to his arrest on Tuesday.

Guan and his co-conspirators, employed by Sichuan Silence Information Technology Co. Ltd., targeted a previously unknown vulnerability (“0-day” vulnerability) in certain firewalls sold by U.K.-based Sophos Ltd. (Sophos) – an information technology company that develops and markets cybersecurity products.

CVE-2025-2492
ASUS warns of critical auth bypass flaw in routers

Hackers can exploit a vulnerability in Asus routers to execute unauthorized functions. This serious issue, rated 9.2 out of 10,...
Read More
CVE-2025-2492  ASUS warns of critical auth bypass flaw in routers

16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia

According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new technique called "symlink". This number...
Read More
16,000+  Fortinet devices compromised with symlink backdoor, Mostly in Asia

Patch now! Critical Erlang/OTP SSH Vuln Allows UCE

A critical security flaw has been found in the Erlang/Open Telecom Platform (OTP) SSH implementation, allowing an attacker to run...
Read More
Patch now! Critical Erlang/OTP SSH Vuln Allows UCE

CISA warns of increasing risk tied to Oracle legacy Cloud leak

On Wednesday, CISA alerted about increased breach risks due to the earlier compromise of legacy Oracle Cloud servers, emphasizing the...
Read More
CISA warns of increasing risk tied to Oracle legacy Cloud leak

CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App

Cisco issued a security advisory about a serious vulnerability in its Webex App that allows unauthenticated remote code execution (RCE)...
Read More
CVE-2025-20236  Cisco Patches Unauthenticated RCE Flaw in Webex App

Apple released emergency security updates for 2 zero-day vulns

On Wednesday, Apple released urgent operating system updates to address two security vulnerabilities that had already been exploited in highly...
Read More
Apple released emergency security updates for 2 zero-day vulns

Oracle Released Patched for 378 flaws for April 2025

On April 15, 2025, Oracle released a Critical Patch Update for 378 flaws for its products. The patch update covers...
Read More
Oracle Released Patched for 378 flaws for April 2025

CVE-2025-24054
Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild

Check Point Research warns of the active exploitation of a new vulnerability, CVE-2025-24054, which lets hackers leak NTLMv2-SSP hashes using...
Read More
CVE-2025-24054  Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild

Bengaluru firm got ransomware attack, Hacker demanded $70,000

Bengaluru's Whiteboard Technologies Pvt Ltd was hit by a ransomware attack, with hackers demanding a ransom of up to $70,000...
Read More
Bengaluru firm got ransomware attack, Hacker demanded $70,000

MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today

MITRE Vice President Yosry Barsoum warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness...
Read More
MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today

The U.S. Department of State has announced rewards of up to $10 million for information leading to the identification or location of Guan or anyone engaged in malicious cyber activities against U.S. infrastructure under foreign control. Additionally, the U.S. Department of the Treasury has imposed sanctions on Sichuan Silence and Guan.

In 2020, Guan and his associates allegedly targeted 0-day vulnerability (CVE 2020-12271) in around 81,000 Sophos firewalls globally, including in Indiana. The malware was designed to steal information from the firewalls and was disguised using domains resembling Sophos. Sophos detected the breach and quickly patched the vulnerability within two days. In response, the attackers modified their malware to deploy ransomware if victims tried to remove it. Although their encryption efforts failed, it highlighted their disregard for potential harm.

In October, Sophos published a series of articles detailing its “Pacific Rim” investigation, which tracked PRC-based advanced persistent threat groups targeting its network appliances for over five years, it described as “unusually knowledgeable about the internal architecture of the device firmware. One of the attacks in the report involved CVE-2020-12271. Following Sophos’ revelations, the FBI called for information on intrusions into Sophos edge devices and continues to seek details on PRC-sponsored cyberattacks targeting network security appliances.

And ultimately The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is sanctioning the Chinese cybersecurity company Sichuan Silence Information Technology and its employee, Guan Tianfeng, for their involvement in the April 2020.

Herbert J. Stapleton, special agent in charge for the FBI Field Office in Indianapolis

 

 

Special Agent in Charge Herbert J. Stapleton of the FBI Indianapolis Field Office said, “If Sophos had not rapidly identified the vulnerability and deployed a comprehensive response, the damage could have been far more severe. Sophos’s efforts combined with the dedication and expertise of our cyber squad formed a powerful partnership resulting in the mitigation of this threat.”

 

 

In the whole incident, Sophos plays a crucial role as a cybersecurity firm in both preventing widespread damage and responding effectively to the exploitation of a vulnerability.

Here’s a breakdown of Sophos’s role in this cyber attack:

Discovery of the Vulnerability and Response:
Sophos swiftly identified the 0-day vulnerability (CVE-2020-12271) in its firewall devices. The company’s rapid detection and response within two days were crucial in minimizing the attack’s impact. Sophos quickly deployed updates to secure its customers’ systems and prevent further exploitation, avoiding a more severe global impact on organizations.

Collaboration with Law Enforcement:
Sophos effectively collaborated with law enforcement, especially the FBI, to combat cyber threats. The FBI and other agencies commended Sophos for its technical expertise and support in stopping cybercriminals and safeguarding affected networks. This partnership highlights Sophos’s strong reputation in cybersecurity. Their involvement helped prevent further damage and enabled authorities to collect evidence for the indictment of the cybercriminals.

Proactive Threat Intelligence:
Sophos, in its “Pacific Rim” report, detailed its proactive approach to cybersecurity. The company has been monitoring and detecting threats from Chinese advanced persistent threat (APT) groups that have targeted its devices for years. Sophos’s research and threat tracking strengthen its position as a vital cybersecurity provider, keeping the community informed about potential risks.

Protection of Critical Infrastructure:
Sophos played a crucial role in protecting critical infrastructure, including U.S. government and private sector networks. The attack aimed at vital network security devices, which, if breached, could have weakened global cybersecurity efforts. Sophos acted quickly to secure infected firewalls to stop the malware from spreading and preventing potential data theft or system shutdowns.

Reputation and Expertise:
The case demonstrates that Sophos is more than a cybersecurity provider; it is an expert in detecting and responding to complex cyber threats. Their quick and skilled response showcases the importance of strong cybersecurity solutions in protecting against evolving risks.

Sophos was crucial in detecting the security breach, responding swiftly to limit damage, and working with law enforcement to hold the culprits accountable. Their actions helped protect affected organizations and individuals, preserving trust in their cybersecurity products.

Check Also

ANY.RUN

Top 10 Malware Threats of the Week: Reports ANY.RUN

Cybersecurity platform ANY.RUN recently reported the top 10 malware threats of the week, highlighting a …

Leave a Reply

Your email address will not be published. Required fields are marked *