US sanctions Chinese cybersecurity firm for firewall hacks targeting critical infrastructure


The U.S. sanctioned a Chinese cybersecurity company and one of its employees for exploiting a zero-day vulnerability in Sophos firewalls to target U.S. organizations.

On Tuesday, the U.S. Treasury Department said Guan Tianfeng, an employee of Sichuan Silence, used the vulnerability to compromise approximately 81,000 firewalls in April 2020. The hacking campaign, detailed by Sophos in November, led to the compromise of more than 23,000 firewalls in the U.S., dozens of which were used at a government agency, and critical infrastructure companies. One of these was an energy company involved in drilling operations. The Treasury noted that the incident could have caused “significant loss in human life” if the attack had been successful.

Read more…
Source: TechCrunch


Sign up for our Newsletter


Related:

  • CIA employee pleads guilty over leak of classified Israeli plans

    January 17, 2025

    A CIA employee who was accused of leaking classified documents about Israel’s plans to strike Iran pleaded guilty on Friday to criminal charges that he willfully retained and transmitted national defense information, the U.S. Department of Justice said. In pleading guilty, Asif William Rahman, who worked at the U.S. intelligence agency since 2016, acknowledged that he ...

  • Product Security Bad Practices

    January 17, 2025

    As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle. This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for ...

  • PlugX malware deleted from thousands of systems by FBI

    January 16, 2025

    The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the People’s Republic of China (PRC) used a version of PlugX malware to control, and steal information from victims’ computers. PlugX has been around since at least 2008 but is under ...

  • UnitedHealth hid its Change Healthcare data breach notice for months

    January 15, 2025

    Change Healthcare, the UnitedHealth-owned health tech company that lost more than 100 million people’s sensitive health data in a ransomware attack last year, said on Tuesday that the company has “substantially” completed notifying affected individuals about the massive data breach. The February 2024 ransomware attack on Change Healthcare, one of the biggest processors of patient billing ...

  • With TikTok U.S. Ban Looming, Users Flock to Red Note – Another Chinese-Owned App

    January 14, 2025

    TikTok could be outlawed in the U.S. as soon as Jan. 19 over concerns about its Chinese ownership, unless it gets a reprieve from the Supreme Court or if Beijing-based parent company ByteDance complies with a federal law forcing it to sell its stake in the app. With that sword dangling over TikTok’s head, thousands of ...

  • US state sues T-Mobile over 2021 data breach which leaked data of millions

    January 7, 2025

    As part of Washington’s lawsuit, the state claims T-Mobile failed to ‘adequately secure sensitive personal information of more than 2 million Washingtonians’. This failure, the state claims, left those consumers vulnerable to fraud and identity theft. The suit claims that the breach was ‘entirely avoidable’ and explains T-Mobile had years to fix key vulnerabilities in its ...