The US government has sanctioned a Chinese cybersecurity firm and charged Guan Tianfeng, an employee, with “a conspiracy to hack indiscriminately into firewall devices worldwide in 2020.”
Tianfeng, who goes by gbigmao, was at the center of a major hacking scandal. According to the US Treasury and Justice Department, he and his team wrote malware that exploited a previously unknown (“zero-day”) vulnerability in Sophos firewall products.
While the hack was primarily to steal data, a statement by the Treasury Department claims that “serious injury or loss of human life” was also on the table.
Targeting around 81,000 firewalls, Tianfeng and other hackers hit glaring vulnerabilities. The main one in question is CVE-2020-12271, which abuses the firewall’s SQL database (the most common type) by injecting malicious code, giving the attackers remote code execution. With that access, the hackers could do as they wished on the device.
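To make the mechanism behind a bug like CVE-2020-12271 concrete, here is an added illustration (not code from the article, from Sophos, or from the actual exploit) of the general pattern: a query that splices untrusted input into SQL text beside the parameterized version that treats the same input strictly as data. The table, the user names, and the lookup functions are all constructed for this example.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for an appliance's user store (sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "readonly")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable pattern: user input is pasted into the SQL string.

    Because the input becomes part of the query text, a crafted value can
    change the WHERE clause instead of being matched as a literal name.
    """
    query = f"SELECT name, role FROM users WHERE name = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Hardened pattern: the value is bound as a parameter.

    The database engine receives the SQL and the data separately, so the
    input can never alter the query's structure.
    """
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (username,)
    ).fetchall()


def demo():
    """Run both lookups with a normal name and with a classic injection string."""
    conn = make_db()
    crafted = "' OR '1'='1"  # constructed malicious input for the demonstration
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice"),
        "normal_safe": lookup_safe(conn, "alice"),
        # The vulnerable query collapses to "WHERE name = '' OR '1'='1'" and
        # returns every row; the safe query looks for a user literally named
        # "' OR '1'='1" and finds nothing.
        "crafted_vulnerable": lookup_vulnerable(conn, crafted),
        "crafted_safe": lookup_safe(conn, crafted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The takeaway for defenders is that the fix is structural, not a matter of filtering quotes: every query that touches request-supplied data should use bound parameters (or an ORM that does so), and a code review that greps for string formatting next to SQL keywords is a cheap way to find the risky spots.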
The Treasury Department reports that over 23,000 of these firewalls were within the United States. According to the report, “36 were protecting U.S. critical infrastructure companies’ systems.”
A zero-day vulnerability is one that is unknown to the vendor and to those being attacked when it is first exploited, so no fix is available at the time. Sophos has been in an ongoing battle with malicious Chinese hackers for years, which it revealed in a report earlier this year.
Sophos’ Chinese hacking woes continue

Sophos, a UK cybersecurity company, provides security services worldwide. Because its products are embedded in dozens of important systems, its firewalls and security tools are a prime target for hackers.
One of these targets might have been oil rigs, which the Treasury Department claims could have been subject to “malfunction” if the hack had gone through.
Part of the hack involved social engineering. To avoid being too obvious, the hackers registered fake Sophos look-alike domains, which they then used as part of their operation.
The Chinese hacking group Volt Typhoon has also been accused of striking Sophos’ infrastructure. Along with Tianfeng, its members are also being sought by the US. Other groups, such as APT31 and APT41, are also implicated in the hacking. Just last week, the US government issued a warning against Salt Typhoon as its hacking escalates.
However, the US hasn’t arrested Tianfeng or any of the hackers involved. He remains wanted by the FBI, with a reward of up to $10 million for information.
The post Chinese hacker wanted by US government for firewall hacking appeared first on ReadWrite.