Feds indict Chinese hacker for trying to compromise firewalls used by ‘U.S. critical infrastructure companies’
The federal government has accused a Chinese hacker, whose company is a Chinese intelligence-linked contractor, of taking part in an April 2020 effort to exploit weaknesses in computer firewalls used by ‘U.S. critical infrastructure companies’.
A grand jury indicted Guan Tianfeng, 30, of Sichuan Province, China, on Sept. 19 in the U.S. District Court in Hammond for conspiracy to commit computer fraud, and conspiracy to commit wire fraud. The case was unsealed Tuesday.
Online court records do not yet show an attorney.
The U.S. State Department announced Tuesday it was offering up to a $10 million reward for information on Guan — a “security researcher”, his co-conspirators, or the company, Sichuan Silence Information Technology Co. Ltd.
The U.S. Department of Treasury said it had imposed sanctions on him and the firm.
Specific U.S. targets were not listed in the indictment.
A press release from the U.S. Treasury notes “one victim was a U.S. energy company that was actively involved in drilling operations at the time of the compromise. If this compromise had not been detected, and the ransomware attack had not been thwarted, it could have caused oil rigs to malfunction potentially causing a significant loss in human life.”
Multiple attempts to contact BP, which operates the Midwest’s largest oil refinery in Whiting, were not successful.
A spokeswoman for Cleveland Cliffs said the company was not affected. Representatives from U.S. Steel and Ports of Indiana did not immediately respond to requests for comment.
U.S. authorities allege Guan found a “zero-day exploit” (a “vulnerability” that could be used in a cyberattack) in a firewall made by U.K.-based Sophos Ltd.
He helped send malware to 81,000 firewalls used by businesses worldwide, including 23,000 in the U.S. Three dozen were “protecting U.S. critical infrastructure companies’ systems,” the release stated.
The goal was to steal data, including user names and passwords. Guan also tried to infect their systems with ransomware.
Sophos found and patched the vulnerability within two days.
“The zero-day vulnerability Guan Tianfeng and his co-conspirators found and exploited affected firewalls owned by businesses across the United States, including in Indiana,” FBI Indianapolis Special Agent in Charge Herbert J. Stapleton said in a release. “If Sophos had not rapidly identified the vulnerability and deployed a comprehensive response, the damage could have been far more severe.”
Guan may also have ties in Bangkok, Thailand, according to the FBI.