Ragnarok Ransomware: U.S. Sanctions Hit Chinese Cybersecurity Firm for Firewall Fiasco
Sichuan Silence, a Chinese cybersecurity firm, faced U.S. sanctions for exploiting a Sophos XG firewall zero-day vulnerability in 2020. Employee Guan Tianfeng allegedly deployed malware on 81,000 firewalls, including those of U.S. infrastructure. The U.S. now seeks information on Guan with a $10 million reward. Sophos patched the vulnerability.

Hot Take:
When a company called “Silence” makes a loud noise in the cybersecurity world, you know something’s amiss. The U.S. Treasury Department’s latest move against Sichuan Silence proves that even the quietest can cause a ruckus, especially when they’re armed with zero-day exploits and a knack for digital mischief. It seems like Guan Tianfeng and his merry band of hackers couldn’t resist the temptation of playing the world’s most dangerous game of digital hide and seek. Maybe next time, they’ll consider a career in ethical hacking—after all, it pays better than a ten-million-dollar bounty on your head!

Key Points:
- Sichuan Silence, a Chinese cybersecurity firm, has been sanctioned by the U.S. for Ragnarok ransomware attacks.
- The company allegedly provided services to Chinese intelligence and was involved in exploiting a zero-day vulnerability.
- Guan Tianfeng, a key player, used the zero-day to breach thousands of firewalls globally, including critical U.S. infrastructure.
- The DOJ has indicted Guan, and the State Department offers a $10 million reward for information leading to his capture.
- Meta dismantled social media networks linked to Sichuan Silence due to a disinformation campaign.
