The United States announced a $10 million reward on Tuesday for information leading to the arrest of Guan Tianfeng, a 30-year-old Chinese hacker and his co-conspirators accused of exploiting computer firewalls in a global cyberattack.
According to an indictment unsealed on Tuesday, Guan, believed to be residing in Sichuan Province, China, has been charged with conspiracy to commit computer and wire fraud.
His company, Sichuan Silence Information Technology Co. Ltd., was also sanctioned by the U.S. Treasury Department.
Deputy Attorney General Lisa Monaco said Guan and his co-conspirators exploited vulnerabilities in tens of thousands of firewall devices manufactured by UK-based Sophos Ltd.
These cyberattacks were allegedly aimed at stealing sensitive data, including usernames and passwords, and spreading ransomware.
In April 2020, Guan and his team reportedly targeted 81,000 firewall devices worldwide, including over 23,000 in the United States.
Among these, 36 devices were used by critical infrastructure companies, posing a severe threat to national security, according to the Treasury Department.
“The zero-day vulnerability Guan Tianfeng and his co-conspirators exploited affected businesses across the United States,” said FBI agent Herbert Stapleton.
Sophos Ltd. quickly identified and addressed the vulnerability, deploying a comprehensive solution that minimized the damage.
“If Sophos had not rapidly identified the vulnerability, the consequences could have been far more severe,” Stapleton added.
The indictment alleges that Sichuan Silence sold its hacking services and stolen data to private businesses and Chinese government entities, including the Ministry of Public Security.
This case highlights the ongoing cybersecurity threats posed by state-affiliated actors and underscores the need for international collaboration to combat such attacks.
The U.S. State Department’s $10 million reward reflects the high stakes in apprehending Guan and dismantling his network.
Authorities are urging anyone with information to come forward.
This latest development adds to the growing tension between the U.S. and China over cyberespionage and the exploitation of technology vulnerabilities.