The US Federal Bureau of Investigation is offering a $10 million reward in exchange for information about Guan Tianfeng, a Chinese hacker who, in 2020, hacked more than 80,000 firewall and cybersecurity devices.
Chinese hacker wanted!
Throughout 2024, the US faced a series of cyber attacks carried out by various digital criminals who sought to steal data to sell to the highest bidder. For example, in April last year, during the regional finals of the Apex Legends global series, hackers disrupted a game, leading to the suspension of the tournament.
In August 2024, background check company National Public Data suffered an attack that exposed the data of nearly 3 billion people.
Now, it has been announced that the US is offering a reward of 10 million dollars to capture Guan Tianfeng, a Chinese hacker responsible for infecting 81,000 computers, including those of an American government agency.
Working at Sichuan Silence Information Technology Co. Ltd., Guan and his accomplices exploited a critical SQL injection flaw (CVE-2020-12271) in Sophos firewalls, allowing remote code execution.
US offers reward to capture Chinese hacker Guan Tianfeng
According to the informationthe US Federal Bureau of Investigation recently announced the million dollar reward for information that lead to the identification or location of Guan Tianfeng, accused of hacking firewall devices around the world in 2020.
Furthermore, just a few days ago, a federal court in Hammond, Indiana, filed formal charges against Tianfeng.
The US Department of Justice explained that Tianfeng and his accomplices operated from the Chinese company Sichuan Silence Information Technology Co. Ltd., which provides services to the Chinese Ministry of Public Security. This company has developed tools to identify and explore foreign networks, with the aim of obtaining valuable information.
How the attack worked
Hackers, including Tianfeng, discovered and exploited a previously unknown vulnerability (known as “zero-day”) in firewalls from the British company Sophos Ltd.specialized in cybersecurity.
The malware created by Tianfeng attacked this vulnerability, allowing it to steal information from infected devices and encrypt their files if victims tried to combat it. In total, around 81,000 devices were infected, including systems of American companies and a government agency.
Hacker action and Sophos response
Hackers hid their activities by registering domains that pretended to belong to Sophos, such as sophosfirewallupdate.com. However, the company discovered the intrusion and patched its customers' firewalls within two days.
Tianfeng's accomplices responded by modifying the malware, introducing a ransomware variant that encrypted files if victims tried to remove it. However, efforts to lock victims' data failed, allowing them to recover the files.
The magnitude of the attack, which even affected a US government agency, explains the high value of the reward offered by the FBI. The capture of Guan Tianfeng remains a priority in combating global cybercrime.
Source: pplware.sapo.pt
