Chinese hacker wanted by US government for firewall hacking

TLDR

  • The US sanctioned a Chinese firm and charged Guan Tianfeng for hacking firewalls in 2020.
  • Hackers exploited a Sophos firewall flaw, targeting 81,000 devices, including US infrastructure.
  • Guan Tianfeng remains at large, with a $10M FBI reward for information leading to his arrest.

The US government has sanctioned a Chinese cybersecurity firm and charged Guan Tianfeng, an employee, with “a conspiracy to hack indiscriminately into firewall devices worldwide in 2020.”

Tianfeng, who goes by the handle gbigmao, was at the center of a major hacking scandal. According to the US Treasury and Justice Department, he and his team wrote malware that exploited a previously unknown vulnerability in Sophos firewall technology, a so-called “zero-day” exploit.

While the hack was primarily to steal data, a statement by the Treasury Department claims that “serious injury or loss of human life” was also on the table.

Targeting around 81,000 firewalls, Tianfeng and the other hackers exploited glaring vulnerabilities. The main one in question is CVE-2020-12271, an injection flaw that targets the device's SQL database (the most common type of database): malicious input is injected into database queries, ultimately giving the attacker remote code execution. With that level of access, the hackers could do as they wished on the device.

The Treasury Department reports that over 23,000 of these firewalls were within the United States. According to the report, “36 were protecting U.S. critical infrastructure companies’ systems.”

The term zero-day is usually applied to flaws in things like software that are not yet known to the vendor or to those being hacked, so the issue at hand isn’t immediately fixable. Sophos has been in an ongoing battle with malicious Chinese hackers for years, which it revealed in a report earlier this year.

Sophos’ Chinese hacking woes continue

Sophos, a UK cybersecurity company, provides security services worldwide. Because its products are embedded in dozens of important systems, its firewalls and security tools are a prime target for hackers.

One of these targets might have been oil rigs, which the Treasury Department claims could have been subject to “malfunction” if the hack had gone through.

Part of the hack involved social engineering. To avoid being too obvious, the hackers registered fake Sophos look-alike domains, which they then used as part of the attack.

The Chinese hacking group Volt Typhoon has also been accused of striking Sophos’ infrastructure, and, along with Tianfeng, it is also being sought by the US. Other groups, such as APT31 and APT41, are implicated in the hacking as well. Just last week, the US government issued a warning against Salt Typhoon as its hacking escalates.

However, the US hasn’t arrested Tianfeng or any of the other hackers involved. He remains wanted by the FBI, with a reward of up to $10 million for information leading to his arrest.

Joel Loynds
Tech Journalist
