Monday , July 13 2026
firewall

Sophos Thwarts Global Firewall Attack promptly, Protects Thousands from Data Theft

On 10Th December, 2024 The US Department of Justice said in a press release that a Chinese-born man named Guang Tianpeng was indicted on charges for hacking attempt about 81,000 firewalls worldwide in 2020. The country announced a $10 million reward for information leading to his arrest on Tuesday.

Guan and his co-conspirators, employed by Sichuan Silence Information Technology Co. Ltd., targeted a previously unknown vulnerability (“0-day” vulnerability) in certain firewalls sold by U.K.-based Sophos Ltd. (Sophos) – an information technology company that develops and markets cybersecurity products.

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

The U.S. Department of State has announced rewards of up to $10 million for information leading to the identification or location of Guan or anyone engaged in malicious cyber activities against U.S. infrastructure under foreign control. Additionally, the U.S. Department of the Treasury has imposed sanctions on Sichuan Silence and Guan.

In 2020, Guan and his associates allegedly targeted 0-day vulnerability (CVE 2020-12271) in around 81,000 Sophos firewalls globally, including in Indiana. The malware was designed to steal information from the firewalls and was disguised using domains resembling Sophos. Sophos detected the breach and quickly patched the vulnerability within two days. In response, the attackers modified their malware to deploy ransomware if victims tried to remove it. Although their encryption efforts failed, it highlighted their disregard for potential harm.

In October, Sophos published a series of articles detailing its “Pacific Rim” investigation, which tracked PRC-based advanced persistent threat groups targeting its network appliances for over five years, it described as “unusually knowledgeable about the internal architecture of the device firmware. One of the attacks in the report involved CVE-2020-12271. Following Sophos’ revelations, the FBI called for information on intrusions into Sophos edge devices and continues to seek details on PRC-sponsored cyberattacks targeting network security appliances.

And ultimately The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is sanctioning the Chinese cybersecurity company Sichuan Silence Information Technology and its employee, Guan Tianfeng, for their involvement in the April 2020.

Herbert J. Stapleton, special agent in charge for the FBI Field Office in Indianapolis

 

 

Special Agent in Charge Herbert J. Stapleton of the FBI Indianapolis Field Office said, “If Sophos had not rapidly identified the vulnerability and deployed a comprehensive response, the damage could have been far more severe. Sophos’s efforts combined with the dedication and expertise of our cyber squad formed a powerful partnership resulting in the mitigation of this threat.”

 

 

In the whole incident, Sophos plays a crucial role as a cybersecurity firm in both preventing widespread damage and responding effectively to the exploitation of a vulnerability.

Here’s a breakdown of Sophos’s role in this cyber attack:

Discovery of the Vulnerability and Response:
Sophos swiftly identified the 0-day vulnerability (CVE-2020-12271) in its firewall devices. The company’s rapid detection and response within two days were crucial in minimizing the attack’s impact. Sophos quickly deployed updates to secure its customers’ systems and prevent further exploitation, avoiding a more severe global impact on organizations.

Collaboration with Law Enforcement:
Sophos effectively collaborated with law enforcement, especially the FBI, to combat cyber threats. The FBI and other agencies commended Sophos for its technical expertise and support in stopping cybercriminals and safeguarding affected networks. This partnership highlights Sophos’s strong reputation in cybersecurity. Their involvement helped prevent further damage and enabled authorities to collect evidence for the indictment of the cybercriminals.

Proactive Threat Intelligence:
Sophos, in its “Pacific Rim” report, detailed its proactive approach to cybersecurity. The company has been monitoring and detecting threats from Chinese advanced persistent threat (APT) groups that have targeted its devices for years. Sophos’s research and threat tracking strengthen its position as a vital cybersecurity provider, keeping the community informed about potential risks.

Protection of Critical Infrastructure:
Sophos played a crucial role in protecting critical infrastructure, including U.S. government and private sector networks. The attack aimed at vital network security devices, which, if breached, could have weakened global cybersecurity efforts. Sophos acted quickly to secure infected firewalls to stop the malware from spreading and preventing potential data theft or system shutdowns.

Reputation and Expertise:
The case demonstrates that Sophos is more than a cybersecurity provider; it is an expert in detecting and responding to complex cyber threats. Their quick and skilled response showcases the importance of strong cybersecurity solutions in protecting against evolving risks.

Sophos was crucial in detecting the security breach, responding swiftly to limit damage, and working with law enforcement to hold the culprits accountable. Their actions helped protect affected organizations and individuals, preserving trust in their cybersecurity products.

Check Also

CLI

Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a “massive, ongoing, automated password spray attack” aimed at Microsoft’s …