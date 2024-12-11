The United States has announced a $10 million reward for information leading to the arrest of Chinese hacker Guan Tianfeng, charged with exploiting firewall vulnerabilities to steal data

Guan, believed to be in Sichuan Province, allegedly targeted tens of thousands of devices worldwide, including critical infrastructure in the U.S., in April 2020

The indictment also led to sanctions against Sichuan Silence Information Technology, the company Guan worked for

The United States has announced a $10 million reward for information leading to the arrest of Guan Tianfeng, a 30-year-old Chinese national accused of hacking computer firewalls.

Guan is believed to be residing in China's Sichuan Province, according to the State Department.

FBI seeks information on Guan Tianfeng for hacking and wire fraud. Photo credit: FBI

Source: Getty Images

Indictment and Sanctions

An indictment unsealed on Tuesday charges Guan with conspiracy to commit computer fraud and conspiracy to commit wire fraud.

The U.S. Treasury Department has also imposed sanctions on Sichuan Silence Information Technology Co Ltd, the company Guan worked for.

Guan and his co-conspirators allegedly exploited a vulnerability in firewalls sold by UK-based cybersecurity firm Sophos Ltd.

Massive Cyber Attack

According to Deputy Attorney General Lisa Monaco, the defendants exploited a vulnerability in tens of thousands of network security devices, infecting them with malware designed to steal information.

In April 2020, approximately 81,000 firewall devices were attacked worldwide, including 23,000 in the United States.

According to Yahoo, the aim was to steal data such as usernames and passwords and attempt to install ransomware.

International Impact

The FBI noted that the zero-day vulnerability discovered by Guan and his co-conspirators affected businesses across the United States.

FBI agent Herbert Stapleton emphasized that quick action by Sophos Ltd in identifying the vulnerability and deploying a response prevented even more severe damage.

The indictment also revealed that Sichuan Silence sold hacked data to Chinese businesses and government entities, including the Ministry of Public Security.

