The United States has offered a reward of up to $10 million for information that leads to the arrest of Guan Tianfeng, a Chinese man, and his accomplices wanted for hacking computer firewalls.
Guan, 30, is believed to be residing in Sichuan Province, China, according to the U.S. State Department.
An indictment was unsealed on Tuesday, charging Guan with conspiracy to commit computer fraud and conspiracy to commit wire fraud.
The U.S. Treasury Department also announced sanctions against the company Guan worked for, Sichuan Silence Information Technology Co. Ltd.
The indictment alleges that Guan and his co-conspirators at Sichuan Silence exploited a vulnerability in firewalls produced by UK-based cybersecurity company Sophos Ltd.
“The defendant and his co-conspirators exploited a vulnerability in tens of thousands of network security devices, infecting them with malware designed to steal information from victims around the world,” Deputy Attorney General Lisa Monaco stated.
In April 2020, approximately 81,000 firewall devices were simultaneously compromised globally, with the intent to steal sensitive data, including usernames and passwords, and to infect the systems with ransomware.
More than 23,000 of the affected devices were in the United States, including 36 safeguarding “critical infrastructure companies’ systems,” according to the Treasury Department.
“The zero-day vulnerability Guan Tianfeng and his co-conspirators found and exploited affected firewalls owned by businesses across the United States,” stated FBI agent Herbert Stapleton.
“If Sophos had not rapidly identified the vulnerability and deployed a comprehensive response, the damage could have been far more severe.”
The indictment also suggests that Sichuan Silence marketed its services and the stolen data to Chinese businesses and government agencies, including the Ministry of Public Security.
A person who answered a call to a phone number registered with Sichuan Silence said the company “did not accept interviews” and refused to comment on the sanctions.
The individual, who did not identify himself, also confirmed that Guan was “uncontactable.”
