China Cybersecurity Firm Sanctioned, Employee Charged by US

(Bloomberg) -- The US sanctioned a Chinese company it accused of working for intelligence agencies and charged one of its employees with hacking into the computer systems of thousands of businesses across the globe, including American critical infrastructure firms.

The Treasury Department on Tuesday announced sanctions against Chengdu-based Sichuan Silence Information Technology Company, Limited and one of its security researchers, Guan Tianfeng. Federal prosecutors also unsealed an indictment charging Guan with breaking into more than 80,000 firewalls in 2020 to steal company data and install a ransomware virus. 

Guan discovered a previously unknown flaw in a firewall product and used it to deploy malware on the devices, according to the Treasury Department. The purpose was to use the compromised firewalls to steal data, including usernames and passwords. But Guan also attempted to infect the victims’ systems with ransomware, according to the US officials.

China’s Foreign Ministry rejected the allegations, saying the government opposes cyberattacks and accusing the US of “scapegoating China” in a regular briefing on Wednesday.

Neither Guan nor an attorney for him could be reached for comment. Sichuan Silence and the Chinese Embassy in Washington didn’t immediately respond to emails seeking comment. 

The US State Department announced that it’s offering an award of as much as $10 million for information that helps the government find Guan.

More than 23,000 of the firewalls Guan compromised were in the US and three dozen of those were meant to protect critical infrastructure companies, including one that was drilling for oil at the time of the breach, according to the Treasury Department. 

The sanctions freeze any assets of Sichuan Silence and Guan in the US and block business with them, according to the US. Sichuan Silence provides Chinese government intelligence officials with varied hacking and cybersecurity services, US authorities said. 

The breached firewalls were sold by Sophos, which patched the vulnerability Guan had used “shortly after the intrusion,” the indictment states. If not for the quick fix by the UK-based cybersecurity firm, the Treasury Department said, the breach could have caused potentially deadly malfunctions on oil rigs. 

Ross McKerchar, Sophos’ chief information security officer, welcomed the US actions in a statement. “The scale and persistence of Chinese nation-state adversaries poses a significant threat to critical infrastructure, as well as unsuspecting, everyday businesses,” McKerchar said.

--With assistance from Allen Wan and Alan Wong.

(Updates with Chinese government comment in 4th paragraph)

©2024 Bloomberg L.P.