US Treasury Department sanctions Chinese company for ransomware attacks

Cybersecurity firm Sichuan Silence Information Technology Company and one of its employees were sanctioned over a massive firewall compromise in 2020.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sweeping sanctions against a Chinese cybersecurity company and one of its employees following a widespread campaign targeting tens of thousands of companies around the world.

Sichuan Silence Information Technology Company and Guan Tianfeng, both based in the People’s Republic of China, were sanctioned for their role in a 2020 cyber campaign that deployed malware to more than 80,000 firewalls worldwide.

More than 23,000 of the compromised firewalls were located in the United States, and 36 of those protected critical infrastructure entities during the campaign, which ran between April 22 and 25. According to the Treasury Department, the campaign’s potential for disruption was catastrophic: an energy company affected by the attack was conducting drilling operations on oil platforms at the time, and a disruption could have resulted in “significant loss of life.”

The malware was designed to steal user data and credentials, and Guan Tianfeng also deployed the Ragnarok ransomware variant on victims’ networks. The Justice Department has separately charged Guan Tianfeng for his role in the campaign.

“Today’s action underscores our commitment to exposing these malicious cyber activities, many of which pose a significant risk to our communities and our citizens, and to holding the actors behind them accountable for their plans,” said Deputy Secretary Bradley T. Smith, acting Treasury Secretary for Terrorism and Financial Intelligence, in a statement.

“Treasury, as part of the US government’s coordinated approach to addressing cyber threats, will continue to leverage our tools to thwart attempts by malicious cyber actors to undermine our critical infrastructure.”

Sichuan Silence is based in Chengdu and is known to work with the intelligence services of the People’s Republic of China, while Guan Tianfeng frequently competed in cybersecurity tournaments and has been observed actively sharing exploits on hacking forums under the pseudonym GbigMao.

Under the sanctions, all US-based assets of Sichuan Silence and Guan Tianfeng must be reported to OFAC, and all transactions with either party are henceforth prohibited.

Cybersecurity company Sophos was involved in the investigation of the firewall campaign, as its own firewall products were the target.

“Throughout our five-year offensive operation against interconnected Chinese nation-state adversaries, an operation we have called Pacific Rim, we successfully gathered critical intelligence on their activities,” said Ross McKerchar, CISO at Sophos.

“In particular, we were able to link much of the attackers’ exploit research and development to the Sichuan region of China, specifically, the Sichuan Silence Information Technology Double Helix Research Institute. Additionally, after neutralizing a wave of attacks we called Asnarok, we discovered links between the attacks and a person calling himself GbigMao.

“Today we are pleased that the Department of Justice has unsealed its indictment against GbigMao, also known as Guan Tianfeng, and that the Treasury has sanctioned Sichuan Silence. This is a positive step in disrupting the operations of these attackers.”
