On Wednesday, the United States (US) announced a $10 million reward for any information leading to Guan Tianfeng’s arrest.
Tianfeng, a 30-year-old Chinese hacker has been accused of breaching computer firewalls and stealing sensitive data globally.
The State Department who made this announcement confirmed that Tianfeng is believed to be residing in Sichuan Province, China.
An indictment against Tianfeng, charging him with conspiracy to commit computer fraud and wire fraud, was unsealed alongside sanctions imposed by the U.S. Treasury Department on his employer, Sichuan Silence Information Technology Co. Limited.
According to the indictment, Tianfeng and his co-conspirators exploited vulnerabilities in firewalls produced by UK-based cybersecurity company Sophos Limited to execute a series of cyberattacks.
In April 2020, Tianfeng’s team targeted over 81,000 firewall devices worldwide, including 23,000 in the U.S.
These devices were infected with malware to steal credentials such as usernames and passwords while also attempting to deploy ransomware.
Among the affected devices, 36 firewalls were protecting critical infrastructure companies in the U.S.
The FBI credited Sophos’ rapid response for mitigating what could have been a catastrophic breach.
The U.S. Treasury Department revealed that Sichuan Silence not only facilitated hacking operations but also sold stolen data to Chinese businesses and government entities, including the Ministry of Public Security.
FBI Cyber Division Chief Herbert Stapleton emphasized that the swift actions of Sophos limited the damage from the attack.
A man who answered a call to a phone number associated with Sichuan Silence declined to comment on the sanctions and stated that the company does not accept interviews.
He also claimed that Tianfeng was “uncontactable.”
