The attackers targeted Sophos firewalls, deploying malware to steal sensitive information and encrypt files with ransomware as a failsafe against remediation efforts. The malware exploited CVE-2020-12271, a vulnerability later patched by Sophos. The operation affected over 23,000 devices in the US and more than 50,000 globally, with victims across the energy, healthcare, and financial sectors.
Sichuan Silence, a contractor for Chinese intelligence services, played a central role in deploying the malware, underscoring concerns about state-sponsored cyber activities. Guan, using the alias “GbigMao,” actively participated in vulnerability forums and cybersecurity events, further showcasing the technical expertise behind the attack.
The US Department of the Treasury has frozen US-based assets linked to Sichuan Silence and Guan, prohibiting US entities from transactions with them. Meanwhile, the Department of Justice has filed charges, including conspiracy and identity theft, against Guan. The State Department has offered a $10 million reward for information leading to their prosecution.
This case serves as a stark reminder of the escalating global cybersecurity risks. The exploitation of zero-day vulnerabilities demonstrates how advanced persistent threats continue to compromise critical systems worldwide. Governments and private sector partners must remain vigilant, collaborate internationally, and adopt robust defenses to mitigate the growing threat of cyberattacks.
Source: Csoonline
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities. To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.