The Register: US names Chinese national it alleges was behind 2020 attack on Sophos firewalls

Source URL: https://www.theregister.com/2024/12/11/sichuan_silence_sophos_zeroday_sanctions/
Source: The Register
Title: US names Chinese national it alleges was behind 2020 attack on Sophos firewalls

Feedly Summary: Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware
The US Departments of Treasury and Justice have named a Chinese business and one of its employees as the actors behind the 2020 exploit of a zero-day flaw in Sophos firewalls…

AI Summary and Description: Yes

Summary: The U.S. Departments of Treasury and Justice have implicated a Chinese company and one of its employees in the 2020 exploitation of a zero-day vulnerability in Sophos firewalls, which resulted in the compromise of approximately 81,000 firewalls, including at least one used by a U.S. government agency. The incident illustrates the persistent threat that foreign state-linked actors pose to perimeter security devices and the importance of proactive measures in securing security infrastructure itself.

Detailed Description: The text outlines a significant cybersecurity incident involving a zero-day exploit that affected Sophos firewalls, highlighting both the vulnerability of critical infrastructure and the implications for U.S. national security.

– The Department of Justice (DoJ) accused a Chinese business, Sichuan Silence Information Technology Co. Ltd., and an employee named Guan Tianfeng of exploiting a critical SQL injection vulnerability (CVE-2020-12271) in Sophos firewalls.
– The exploit led to the compromise of approximately 81,000 firewalls, at least one of which was used by a U.S. government agency.
– The attack utilized a domain name similar to the legitimate Sophos update site (sophosfirewallupdate.com) to deliver malware, extracting information from compromised devices and sending it back to a Chinese IP address.
– The U.S. government stated that Sichuan Silence has ties to the People’s Republic of China (PRC) intelligence services and offers a range of cyber-related services, including network exploitation and email monitoring.
– Following the indictment of Guan, the U.S. announced a reward of up to $10 million for information leading to his identification or location.
– The Department of Treasury has sanctioned both Guan and Sichuan Silence, prohibiting any business dealings with U.S. entities and blocking their assets within U.S. jurisdiction.
– Sophos’s CISO emphasized the need for proactive innovation in cybersecurity to counteract threats posed by foreign adversaries.

This incident is a reminder that security infrastructure such as firewalls is itself a target, particularly for foreign state actors with zero-day capabilities. Organizations should prioritize early detection and response, and vendors should be transparent about identified vulnerabilities so that customers can patch quickly and strengthen their overall security posture.