InfoSecBulletin Cybersecurity for mankind
On 10Th December, 2024 The US Department of Justice said in a press release that a Chinese-born man named Guang Tianpeng was indicted on charges for hacking attempt about 81,000 firewalls worldwide in 2020. The country announced a $10 million reward for information leading to his arrest on Tuesday.
Guan and his co-conspirators, employed by Sichuan Silence Information Technology Co. Ltd., targeted a previously unknown vulnerability (“0-day” vulnerability) in certain firewalls sold by U.K.-based Sophos Ltd. (Sophos) – an information technology company that develops and markets cybersecurity products.
NVIDIA Releases Security Update For GPU Driver Vulnerabilities
‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA
159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure
NVIDIA NeMo Framework Vuln Allow Attackers RCE
Cisco Issued Urgent Security Advisories For Multiple Products
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
GitLab Releases Security Update For Multiple Vulns
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
The U.S. Department of State has announced rewards of up to $10 million for information leading to the identification or location of Guan or anyone engaged in malicious cyber activities against U.S. infrastructure under foreign control. Additionally, the U.S. Department of the Treasury has imposed sanctions on Sichuan Silence and Guan.
In 2020, Guan and his associates allegedly targeted 0-day vulnerability (CVE 2020-12271) in around 81,000 Sophos firewalls globally, including in Indiana. The malware was designed to steal information from the firewalls and was disguised using domains resembling Sophos. Sophos detected the breach and quickly patched the vulnerability within two days. In response, the attackers modified their malware to deploy ransomware if victims tried to remove it. Although their encryption efforts failed, it highlighted their disregard for potential harm.
In October, Sophos published a series of articles detailing its “Pacific Rim” investigation, which tracked PRC-based advanced persistent threat groups targeting its network appliances for over five years, it described as “unusually knowledgeable about the internal architecture of the device firmware. One of the attacks in the report involved CVE-2020-12271. Following Sophos’ revelations, the FBI called for information on intrusions into Sophos edge devices and continues to seek details on PRC-sponsored cyberattacks targeting network security appliances.
And ultimately The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is sanctioning the Chinese cybersecurity company Sichuan Silence Information Technology and its employee, Guan Tianfeng, for their involvement in the April 2020.
Special Agent in Charge Herbert J. Stapleton of the FBI Indianapolis Field Office said, “If Sophos had not rapidly identified the vulnerability and deployed a comprehensive response, the damage could have been far more severe. Sophos’s efforts combined with the dedication and expertise of our cyber squad formed a powerful partnership resulting in the mitigation of this threat.”
In the whole incident, Sophos plays a crucial role as a cybersecurity firm in both preventing widespread damage and responding effectively to the exploitation of a vulnerability.
Here’s a breakdown of Sophos’s role in this cyber attack:
Discovery of the Vulnerability and Response:
Sophos swiftly identified the 0-day vulnerability (CVE-2020-12271) in its firewall devices. The company’s rapid detection and response within two days were crucial in minimizing the attack’s impact. Sophos quickly deployed updates to secure its customers’ systems and prevent further exploitation, avoiding a more severe global impact on organizations.
Collaboration with Law Enforcement:
Sophos effectively collaborated with law enforcement, especially the FBI, to combat cyber threats. The FBI and other agencies commended Sophos for its technical expertise and support in stopping cybercriminals and safeguarding affected networks. This partnership highlights Sophos’s strong reputation in cybersecurity. Their involvement helped prevent further damage and enabled authorities to collect evidence for the indictment of the cybercriminals.
Proactive Threat Intelligence:
Sophos, in its “Pacific Rim” report, detailed its proactive approach to cybersecurity. The company has been monitoring and detecting threats from Chinese advanced persistent threat (APT) groups that have targeted its devices for years. Sophos’s research and threat tracking strengthen its position as a vital cybersecurity provider, keeping the community informed about potential risks.
Protection of Critical Infrastructure:
Sophos played a crucial role in protecting critical infrastructure, including U.S. government and private sector networks. The attack aimed at vital network security devices, which, if breached, could have weakened global cybersecurity efforts. Sophos acted quickly to secure infected firewalls to stop the malware from spreading and preventing potential data theft or system shutdowns.
Reputation and Expertise:
The case demonstrates that Sophos is more than a cybersecurity provider; it is an expert in detecting and responding to complex cyber threats. Their quick and skilled response showcases the importance of strong cybersecurity solutions in protecting against evolving risks.
Sophos was crucial in detecting the security breach, responding swiftly to limit damage, and working with law enforcement to hold the culprits accountable. Their actions helped protect affected organizations and individuals, preserving trust in their cybersecurity products.
